How to update Key Vault Secrets with function app default key and service bus connection string usin

Time:12-03

I want to update the key vault secret values by getting the function app default key and service bus connection string using PowerShell/CLI script.

So, can anyone please help me out on this issue.

CodePudding user response:

Based on the above requirement, we have written the below PowerShell script to pull the function app key values (default & MasterKey) and the function app application setting (Azure webjob storage) value.

Using those key values, the script will create secrets in the respective key vault.

Here is the PowerShell Script:

$accountInfo = az account show
$accountInfoObject = $accountInfo | ConvertFrom-Json
$subscriptionId  = $accountInfoObject.id

## Replace the placeholders with your own values (they must be quoted strings)
$resourceGroup = "<ResourceGroupName>"
$functionName = "<functionName>"
$vaultname = "<vaultName>"

## Call the ARM listKeys endpoint to get the function app host keys (masterKey and functionKeys)
$functionkeylist = az rest --method post --uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Web/sites/$functionName/host/default/listKeys?api-version=2018-11-01"
$keylistobject = $functionkeylist | ConvertFrom-Json

## To pull the function app specific setting
$appsetting = az functionapp config appsettings list --name $functionName --resource-group $resourceGroup --query "[?name=='AzureWebJobsStorage'].{Value:value}" -o tsv

## This block will create the secrets for the specific app setting & function app keys
az keyvault secret set --name "${functionName}defaultkey" --vault-name $vaultname --value $keylistobject.functionKeys.default
az keyvault secret set --name "${functionName}masterkey" --vault-name $vaultname --value $keylistobject.masterKey
az keyvault secret set --name "${functionName}webappstorage" --vault-name $vaultname --value $appsetting

Note:

In the above PowerShell script we have pulled the existing app setting AzureWebJobsStorage and created a secret in the key vault. We would suggest you change the $appsetting block to the respective function app app setting to create a secret in the key vault.

Here is the sample output for reference:

[Image: sample output]

Updated Answer:

Add the below code to the above PowerShell script. It will pull the service bus connection string app setting of the function app and store the connection string value as a secret in the key vault.

## The app setting holding the service bus connection string will be in the format (<servicebusName>_RootManageSharedAccessKey_SERVICEBUS)
$servicebusappsetting = az functionapp config appsettings list --name $functionName --resource-group $resourceGroup --query "[?name=='azfapsb_RootManageSharedAccessKey_SERVICEBUS'].{Value:value}" -o tsv

az keyvault secret set --name "${functionName}ServiceBusConnectionString" --vault-name $vaultname --value $servicebusappsetting
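
A hardened variant of the secret-writing step in the answer above, added here as an example and not part of the original answer: it refuses empty values, skips the write when the stored value already matches, and keeps the secret out of the az command line and console output. The function name Set-VaultSecretIfChanged, the variable names and the angle-bracket placeholders are assumptions; it needs a logged-in Azure CLI session.

```powershell
# Added example: names and placeholders below are assumptions, not the answer's code.
function Set-VaultSecretIfChanged {
    param(
        [Parameter(Mandatory)] [string] $VaultName,
        [Parameter(Mandatory)] [string] $SecretName,
        [AllowEmptyString()] [string] $Value
    )
    # Key Vault secret names allow only letters, digits and dashes (1-127 chars).
    if ($SecretName -notmatch '^[0-9a-zA-Z-]{1,127}$') {
        throw "Invalid Key Vault secret name: '$SecretName'"
    }
    # A missing key or app setting comes back empty; do not store that.
    if ([string]::IsNullOrWhiteSpace($Value)) {
        throw "No value retrieved for '$SecretName'; secret not updated."
    }
    # Skip the write when the stored value already matches (no new secret version).
    $current = az keyvault secret show --vault-name $VaultName --name $SecretName --query value -o tsv 2>$null
    if ($current -ceq $Value) { return 'unchanged' }

    # Hand the value to az through a temp file instead of --value, so it does not
    # appear in the process command line; --output none keeps it off the console.
    $tmp = New-TemporaryFile
    try {
        [System.IO.File]::WriteAllText($tmp.FullName, $Value)
        az keyvault secret set --vault-name $VaultName --name $SecretName --file $tmp.FullName --encoding utf-8 --output none
        if ($LASTEXITCODE -ne 0) { throw "az keyvault secret set failed for '$SecretName'." }
    }
    finally {
        Remove-Item -LiteralPath $tmp.FullName -Force
    }
    return 'updated'
}

$resourceGroup = '<ResourceGroupName>'   # placeholders, as in the answer
$functionName  = '<functionName>'
$vaultName     = '<vaultName>'
$sbSetting     = '<servicebusName>_RootManageSharedAccessKey_SERVICEBUS'

$subscriptionId = az account show --query id -o tsv
$uri  = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Web/sites/$functionName/host/default/listKeys?api-version=2018-11-01"
$keys = az rest --method post --uri $uri | ConvertFrom-Json
$sbConn = az functionapp config appsettings list --name $functionName --resource-group $resourceGroup --query "[?name=='$sbSetting'].value" -o tsv

Set-VaultSecretIfChanged -VaultName $vaultName -SecretName "${functionName}defaultkey" -Value $keys.functionKeys.default
Set-VaultSecretIfChanged -VaultName $vaultName -SecretName "${functionName}ServiceBusConnectionString" -Value $sbConn
```

The temp file is created in the current user's temp directory and is deleted in the finally block even when the az call fails.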