Using Key Vault in Azure Functions
Create a Key Vault
First, create a Key Vault in Azure named jack-keyvault, which contains:
| Secret | Value |
|---|---|
| TestKey | Hello World |
Test the Function App locally
Create a Function App:
```bash
func init KeyVaultFunction --dotnet
```
Install Key Vault's dependencies:
```bash
cd KeyVaultFunction
dotnet restore
dotnet add package Azure.Identity
dotnet add package Azure.Security.KeyVault.Secrets
```
Then add an HTTP-triggered function. I named it HttpTrigger.cs; paste in the following code:
```csharp
using System;
using Azure.Security.KeyVault.Secrets;
using Azure.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

namespace KeyVaultFunction
{
    public class HttpTrigger
    {
        [FunctionName("HttpTrigger")]
        public IActionResult Run(
            [HttpTrigger(AuthorizationLevel.Anonymous, "get", "post", Route = null)] HttpRequest req,
            ILogger log
        )
        {
            try
            {
                // Both settings are read from the environment (local.settings.json when run locally).
                string keyVaultUrl = Environment.GetEnvironmentVariable("KEY_VAULT_URL")!;
                string secretName = Environment.GetEnvironmentVariable("SECRET_NAME")!;

                // DefaultAzureCredential uses the `az login` session locally and the app's identity in Azure.
                var client = new SecretClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
                KeyVaultSecret secret = client.GetSecret(secretName);
                log.LogInformation($"Successfully get Key Vault from: {keyVaultUrl}. Secret name: {secretName}");

                // Demo behaviour: the secret value itself is returned to the caller.
                return new OkObjectResult(secret.Value);
            }
            catch (Exception ex)
            {
                // Demo behaviour: the exception source and message are logged and echoed in the response.
                log.LogInformation($"Exception occurred. Source: {ex.Source}. Message: {ex.Message}");
                return new BadRequestObjectResult($"Exception occurred. Source: {ex.Source}. Message: {ex.Message}");
            }
        }
    }
}
```
When the user triggers this function, the code reads the values of KEY_VAULT_URL and SECRET_NAME from local.settings.json (shown below), asks Key Vault for the value of the secret, and returns the result to the user through OkObjectResult.
```json
{
  "IsEncrypted": false,
  "Values": {
    "AzureWebJobsStorage": "UseDevelopmentStorage=true",
    "FUNCTIONS_WORKER_RUNTIME": "dotnet",
    "KEY_VAULT_URL": "https://jack-keyvault.vault.azure.net/",
    "SECRET_NAME": "TestKey"
  }
}
```
Now you can test it locally. First log in to Azure so that SecretClient can verify your identity, then run the Function App:
```bash
az login
func start
```
Test whether the Function App can get the secret:
```
$ curl http://localhost:7071/api/HttpTrigger
Hello World
```
Test Function App in Azure Portal
First create a Function App (I named it Jack1), then enable its Identity and press Save.
Copy the KEY_VAULT_URL and SECRET_NAME values from local.settings.json into the Function App's Configuration, and then press Save.
Then go back to Key Vault, add an Access Policy so that the Function App can get the secret data, and press Save.
Then push the Function App to Azure:
```bash
func azure functionapp publish Jack1
```
Then open https://jack1.azurewebsites.net/api/httptrigger through the browser to see the Hello World string.
Original Link: https://dev.to/blueskyson/using-key-vault-in-azure-functions-58gp