Azure Key Vault for Sensitive Configuration Settings
- Print
- DarkLight
- PDF
Azure Key Vault for Sensitive Configuration Settings
- Print
- DarkLight
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
#ServerlessTips - Azure Functions
Author: Steef-Jan Wiggers Azure MVP
Settings for your function app can be set in the function application settings. Here you set the runtime, quota (Gb-Sec), manage slots, and keys. Furthermore, you can also manage the application settings for your function through manage the application setting. In this settings tab you can, for instance, manage a few general settings, application (function) settings, and connection strings.
When you are dealing with sensitive settings for your function you can choose to place these in Azure KeyVault.
For instance, a Google profile containing authentication and authorization data necessary to get access to Google Cloud resources. You can store this profile in Azure KeyVault and get them through using a few lines of code in your function.
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient = new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(
azureServiceTokenProvider.KeyVaultTokenCallback));
var googleProfile = (await keyVaultClient.GetSecretAsync(config["GOOGLE_PROFILE"])).Value;
You will need to add your function app in the Access policies of the KeyVault instance, and set the right permissions for your function app.
A benefit of using Azure KeyVault, in general, is that you have a central and highly available service storing settings (secrets) for one or more applications, and services.
This benefit also applies to your functions, in case your multiple functions requiring the same secret regardless if the functions reside in the same or other Function Apps.
Was this article helpful?