Email: Password:       Forgot Password 
    .netCodeSG
A Saarsha Group Online Community for dot net codes group like C#, Asp.NET, VB.NET, Sharepoint, JavaScript, JQuery, Ajax, SQL, WCF, WPF.
 
TECHNOLOGIES:
 

Azure Key Vault - Secure Azure Functions AppSetting

Article:
Viewed:  644 
Posted On:  05/10/2019 12:39:21 
In Cloud, security is always a concern. You have to make sure that no one should be able to see the credentials or client’s data. In this article, I am going to use a feature in Microsoft Azure ie: Azure Key Vault which can help us to secure our data in a very secure way. Here we will see how we can get the connection strings from Azure Key Vault and use it in our Azure Function instead of using it from the usual App Settings. 

 

To keep your secure information like connection string, password etc. in a more secure way, We have Azure Key Vault.

Azure Key Vault is a secure way of storing keys, certificates, and secrets so that application can access it when needs.

Microsoft Azure Key Vault is a cloud-hosted management service that allows users to encrypt keys and small secrets by using keys that are protected by hardware security modules (HSMs).

Azure Key Vault helps solve the following problems:

  • Secrets Management - Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets

  • Key Management - Azure Key Vault can also be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data.

  • Certificate Management - Azure Key Vault is also a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with Azure and your internal connected resources.

  • Store secrets backed by Hardware Security Modules - The secrets and keys can be protected either by software or FIPS 140-2 Level 2 validates HSMs

 

Below are the steps in my article:

  • Create an Azure Key Vault
  • Create an Secret 
  • Create a Function App in Azure Portal
  • In Key Vault - Add an Access policy for Azure Function
  • In Azure Portal Function App - Add Application setting
  • Create an Azure function from Visual Studio Code
  • Deploy Azure Function
  • User Azure function through URL to access Value from Key Vault.


Step 1: Create an Azure Key vault with the secret key.

Open Azure Portal: https://portal.azure.com/

Search Key Vaults -> Select Key Vaults

1.png

Image 1.

Select Key Vaults and click on + Add (To Create New Key Vaults)

2.png

Image 2.

Now click on Access Policy

3.png

Image 3.

Fill all required values and leave rest as default.

4.png

Image 4.

Click on Create.

5.png

Image 5.

Azure key Vault has been created.

Now add a secret here. So from Left side menu click on Secret.

6.png

Image 6.

7.png

Image 7.

8.png

Image 8.

New Secret has been added. Now click on this newly created secret.

9.png

Image 9.

Click on the current version

Here you can find out your Secret Identifier URI.

https://keyvaultdevdemotest.vault.azure.net/secrets/DBConnectionString/a520325d428240888836fabcc8669609

Key Vault with a Secret has been created. Now Deploy your Azure Function who will use your secret.

10.png

Image 10.

In Azure Portal, Navigate to  Azure Function App:

11.png

Image 11.

In networking click on Identity:

12.png

Image 12.

Here make sure, Under  (System assigned) Identity – Status is On.

Azure Function:

"A system assigned managed identity enables Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentials in code. Once enabled, all necessary permissions can be granted via Azure role-based-access-control. The lifecycle of this type of managed identity is tied to the lifecycle of this resource. Additionally, each resource (e.g. Virtual Machine) can only have one system assigned managed identity." 

Save and close it.

Now Time to Grant Access Function App to Key Vault:

Open your Key Vault again -> Click on Access Policies from Left Side Menu:

13.png

Image 13.

14.png

Image 14.

15.png

Image 15.

16.png

Image 16.

Add - An Azure Function Application setting

Fom Azure Key Vault copy Secret Identifier key:

https://keyvaultdevdemotest.vault.azure.net/secrets/DBConnectionString/a520325d428240888836fabcc8669609

17.png

Image 17.

Now open Azure Function Configuration pane:

18.png

Image 18.

19.png

Image 19.

Click Ok to Save

Application Setting has been added.

20.png

Image 20.

Time to do code to use this application-setting key in your Function App Code in Visual Studio Code:

21.png

Image 21.

Now Publish your Code:

22.png

Image 22.

Now Check in Azure Portal:

23.png

Image 23.

Now hit URL in a Browser

24.png

Image 24.

 

  Comment:
         HOME   |   Submit Article   |   Contact Us   |   About Us   |   Terms & Condition   |   Advertise With us