I have been tasked to move the connection from an Azure function to Key Vault instead of storing it as a Function AppSetting. The syntax of the Azure function is as follows:

AuthType=ClientSecret;ClientId=<clientId>;ClientSecret=<ClientSecret>;Url=<Url>

I've created the Key Vault, key and secret, but where to add the above connection in Key Vault?

Also, am I correct that once I add the above connection to my key, I can go back to my Azure Function, go to the Configuration blade and replace the AppSetting value with the URL to my Key Vault Secret URI?

Thanks

CodePudding user response：

There are a few approaches to achieving this especially given you can make use of the managed identity framework, but, if you want to use it as an appsetting, you need to use a specific syntax to do so.

This documentation explains how to use the reference syntax ...

https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#reference-syntax

As per the documentation ...

Complete Reference

@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)

Alternatively

@Microsoft.KeyVault(VaultName=myvault;SecretName=mysecret)

Be sure to grant the function app access to the KeyVault secret. Help on configuring this can be found here ...

https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#granting-your-app-access-to-key-vault

CodePudding user response：

I was confusing the concepts of "key" and "secret". Once I understood which each does, I was able to create my secret and then update my App Setting.