Skip to main content

Azure KV and FuncApp


1. Create a FunctionApp and add a system assigned identity to it. Create on the search bar and select func app. The go to the identity section and turn on the status button. This creates an identity and registers the func app in azure ad. Now we need to grant this identity permissions to read from KV




2. Create a Keyvault and create a secret. I have created 2 (Name = Anish and surname = Aravind)
















3. Give the function app identity access to read the secrets from Keyvault



4. Select the certificates drop down and select Get and List. Since we need to read the secrets. 


5. Save the changes















6. Go to the Configuration section in the function app and add the following values. Cliick on create new application setting. The setting is a key value pair.  I have created 2 because I need to read 2 secrets from KV. The application setting key will be the key for the secret in KV.

Name : @Microsoft.KeyVault(SecretUri=secretidentifierfor the secret)

To  get the secret identifier for the secret. Go to KV and click on the current version.

 This takes you to a new blade. Copy the secret identifier and use it as the value for the application setting that we created.


Key -- name of the secret 
Value -- @Microsoft.KeyVault(SecretUri=secretidentifierfor the secret)





Now simply read the values from keyvault as environment variables.

public static class Function1
    {
[FunctionName("Function1")]
public static async Task<IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
            ILogger log)
{
log.LogInformation("C# HTTP trigger function processed a request.");
log.LogInformation("C# HTTP trigger function processed a request.");

var name = Environment.GetEnvironmentVariable("Name", EnvironmentVariableTarget.Process);
var surname = Environment.GetEnvironmentVariable("surname", EnvironmentVariableTarget.Process);

            
return new OkObjectResult($"Name {name}, Surname {surname}");
        }
    } 

Output:




Comments

Popular posts from this blog

Az-500 NSG and ASG

Application security groups Application security groups enable you to configure network security as a natural extension of an application's structure, allowing you to group virtual machines and define network security policies based on those groups. You can reuse your security policy at scale without manual maintenance of explicit IP addresses. The platform handles the complexity of explicit IP addresses and multiple rule sets, allowing you to focus on your business logic. To better understand application security groups, consider the following example: In the previous picture,  NIC1  and  NIC2  are members of the  AsgWeb  application security group.  NIC3  is a member of the  AsgLogic  application security group.  NIC4  is a member of the  AsgDb  application security group. Though each network interface in this example is a member of only one network security group, a network interface can be a member of multiple app...

App Role assignment to service principal --

 Using Ms Graph Rest API's Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see  Permissions . Permission type Permissions (from least to most privileged) Delegated (work or school account) AppRoleAssignment.ReadWrite.All and Application.Read.All, AppRoleAssignment.ReadWrite.All and Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All Delegated (personal Microsoft account) Not supported. Application AppRoleAssignment.ReadWrite.All and Application.Read.All, AppRoleAssignment.ReadWrite.All and Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All Create 2 app registrations. App role owner will contain the app role that will be assigned to a service principal. The  reader role in approleowner will be added to the approlesubscriber Setup postman to use the Oauth auth flow to get a token for MS Graph. ClientId:   Application (client) ID for approlesubscrib...

Get user groups

 string[] scopes = new string[] { "https://graph.microsoft.com/.default" };             string clientId = "";             string tenantId = "";             string secret = "";                        var options = new TokenCredentialOptions             {                 AuthorityHost = AzureAuthorityHosts.AzurePublicCloud             };             // https://learn.microsoft.com/dotnet/api/azure.identity.clientsecretcredential             try             {                 var clientSecretCredential = new ClientSecretCredential(                        ...