Introduction
In this blog, we will see how to get a secret from Azure Key Vault in an Azure Function.
Prerequisites
- Access to Azure account (Admin)
- Visual Studio 2017
What’s New in Azure Function
Earlier, we had to manually register an application under Azure Active Directory to get the Client Id (Application Id) and Client Key (Client Secret).
But this approach has drawbacks:
- You have to check manually when the client key is going to expire
- The client key is hard-coded in the app settings/configuration page
With the new enhancement, Azure takes care of the application registration and keeps the client key secret from the user.
Advantage
- Azure automatically adds the application under Active Directory and creates a principal user for the Azure Function.
- No Client Id or Client Secret Key is needed to retrieve a value from Key Vault.
Steps
- Create a Resource Group
- Create a new Azure Function App
  - Provision the service
  - Enable Identity (System Assigned) under Platform features
- Create a new Key Vault
  - Provision the service
  - Add secret Key-Value
  - Add Policy for Azure Function
- Deploy the Azure Function using Visual Studio
  - Click here to view the code
- Validate using Postman (REST call)
Steps in Detail
1. Create a Resource Group
- Navigate to Azure account
- Click on + sign
- Enter the name and select the appropriate location
2. Create a new Azure Function App
3. Create a new Azure Key Vault
4. Deploy the Azure function from Visual Studio
Click here to follow the prerequisites for Azure Functions
- Open Visual Studio and create a new project as an Azure Function App
Install the following packages from the NuGet Package Manager
- Microsoft.Azure.Services.AppAuthentication
- Microsoft.Azure.KeyVault
From the portal, copy the Key Vault URL.
Click here to download code from GitHub
Open the Azure Portal and navigate to the Azure Function App
Using Postman, send a request to the Azure Function. Do not forget to add the name attribute as the Key.
Yippee!!! Finally, we have retrieved the value from the key vault.
Tips
You can perform similar steps for other Azure services to get a value from Azure Key Vault. Just find the Identity tab and make the required modifications.
Cheers !!!!!
Help Links
https://docs.microsoft.com/en-us/azure/azure-functions/
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis
https://dzone.com/articles/using-msi-with-azure-functions-and-key-vault