In a development environment, you most likely will be using plain text values in App Settings, but in higher environments, you might not have the luxury to do that. Instead, you might have to read secrets from an Azure Key Vault. In this post, let's see how we can consume a secret in an Azure Key Vault from an Azure Function App. It's actually pretty easy. I am assuming you already have an Azure Function App and an Azure Key Vault created.
First, go to your Function App, click on the Identity tab, and then turn it on.
 |
| Identity On |
Then, go to your Azure Key Vault where you have your secrets, Click on Access Policies.
 |
| Access Policies |
And from there click on + Add Access Policy. So here since I am only giving access to read Secrets, I am selecting only Get from Secret permissions multi select dropdown. And then click on Select principal and search for your function application name, select and Add.
 |
| Add access policy |
 |
| Secret Identifier |
Now go back to the Function App configuration settings, set the value for your key like below.
@Microsoft.KeyVault(SecretUri=https://copied-secret-identifier)
And you can see it's getting resolved.
 |
| Add/Edit application setting |
So that's it and no code changes required.
Happy Coding.
Regards,
Jaliya
