Home > Enterprise >  Azure function ServiceBusTrigger connection string value not in application settings
Azure function ServiceBusTrigger connection string value not in application settings

Time:04-25

Before I deploy a function app and functions through PowerShell > ARM template I dynamically get a service bus connection string and update the value in the connection binding in the function.json file. Then I deploy the function app and function.

Deployment works, but the function app returns an error message:

Microsoft.Azure.WebJobs.ServiceBus: Microsoft Azure WebJobs SDK ServiceBus connection string 'Endpoint=sb://sbname.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;[Hidden Credential]' is missing or empty.

The question is: Do we really have to create an application setting on the function app with this connection string in it? Is there no other option than using the app setting?

It feels like storing the connection string in another location than on the service bus would just create another vulnerability. I am aware that I could define "connection": "RootManageSharedAccessKey_SERVICEBUS" in the function.json file and then create an app setting with that same name, but that's not the way forward I want to go.

Thank you for sharing your insights.

CodePudding user response:

Please check if my findings help to:

  • Instead of storing the Service Bus Connection String directly, you can utilize the Azure Key Vault Service or Azure App Configuration Service.

  1. You can store the confidential values like Connection Strings, Key-value pairs, Client Secrets, Certificate Passwords, etc. in Azure Key Vault.

Assume you have stored the ServiceBus connection string in the Key Vault. That you want to retrieve in the Function App through Application Settings but here in the app setting you can define as:

"connection": @Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/RootManageSharedAccessKey_SERVICEBUS/)

This KeyVault URI cannot be accessed by any other user until they are assigned with System or User Assigned Managed Identity Permission.

  1. Azure App Configuration is a central place where you can manage application settings and secure their accesses in one place. Refer here for more information.
  • Related