Azure Key Vault for Sensitive Configuration Settings
  • 09 Sep 2022
  • 1 Minute to read
  • Contributors
  • Comment
  • Dark
    Light
  • PDF

Azure Key Vault for Sensitive Configuration Settings

  • Comment
  • Dark
    Light
  • PDF

#ServerlessTips - Azure Functions
Author: Steef-Jan Wiggers Azure MVP

Settings for your function app can be set in the function application settings. Here you set the runtime, quota (Gb-Sec), manage slots, and keys. Furthermore, you can also manage the application settings for your function through manage the application setting. In this settings tab you can, for instance, manage a few general settings, application (function) settings, and connection strings.

When you are dealing with sensitive settings for your function you can choose to place these in Azure KeyVault.

For instance, a Google profile containing authentication and authorization data necessary to get access to Google Cloud resources. You can store this profile in Azure KeyVault and get them through using a few lines of code in your function.

var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
                     new KeyVaultClient.AuthenticationCallback(
                        azureServiceTokenProvider.KeyVaultTokenCallback));
var googleProfile = (await keyVaultClient.GetSecretAsync(config["GOOGLE_PROFILE"])).Value;
You will need to add your function app in the Access policies of the KeyVault instance, and set the right permissions for your function app.

Tip 10 - Use KeyVault for sensitive configuration settings - Picture 1.png

A benefit of using Azure KeyVault, in general, is that you have a central and highly available service storing settings (secrets) for one or more applications, and services.

This benefit also applies to your functions, in case your multiple functions requiring the same secret regardless if the functions reside in the same or other Function Apps.

Azure-functions.png


Was this article helpful?