Email: Password:       Forgot Password 
A Saarsha Group Online Community for dot net codes group like C#, Asp.NET, VB.NET, Sharepoint, JavaScript, JQuery, Ajax, SQL, WCF, WPF.

Azure Key Vault - Secure Azure Functions AppSetting

Viewed:  2390 
Posted On:  05/10/2019 12:39:21 
In Cloud, security is always a concern. You have to make sure that no one should be able to see the credentials or client’s data. In this article, I am going to use a feature in Microsoft Azure ie: Azure Key Vault which can help us to secure our data in a very secure way. Here we will see how we can get the connection strings from Azure Key Vault and use it in our Azure Function instead of using it from the usual App Settings. 


To keep your secure information like connection string, password etc. in a more secure way, We have Azure Key Vault.

Azure Key Vault is a secure way of storing keys, certificates, and secrets so that application can access it when needs.

Microsoft Azure Key Vault is a cloud-hosted management service that allows users to encrypt keys and small secrets by using keys that are protected by hardware security modules (HSMs).

Azure Key Vault helps solve the following problems:

  • Secrets Management - Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets

  • Key Management - Azure Key Vault can also be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data.

  • Certificate Management - Azure Key Vault is also a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with Azure and your internal connected resources.

  • Store secrets backed by Hardware Security Modules - The secrets and keys can be protected either by software or FIPS 140-2 Level 2 validates HSMs


Below are the steps in my article:

  • Create an Azure Key Vault
  • Create an Secret 
  • Create a Function App in Azure Portal
  • In Key Vault - Add an Access policy for Azure Function
  • In Azure Portal Function App - Add Application setting
  • Create an Azure function from Visual Studio Code
  • Deploy Azure Function
  • User Azure function through URL to access Value from Key Vault.

Step 1: Create an Azure Key vault with the secret key.

Open Azure Portal:

Search Key Vaults -> Select Key Vaults


Image 1.

Select Key Vaults and click on + Add (To Create New Key Vaults)


Image 2.

Now click on Access Policy


Image 3.

Fill all required values and leave rest as default.


Image 4.

Click on Create.


Image 5.

Azure key Vault has been created.

Now add a secret here. So from Left side menu click on Secret.


Image 6.


Image 7.


Image 8.

New Secret has been added. Now click on this newly created secret.


Image 9.

Click on the current version

Here you can find out your Secret Identifier URI.

Key Vault with a Secret has been created. Now Deploy your Azure Function who will use your secret.


Image 10.

In Azure Portal, Navigate to  Azure Function App:


Image 11.

In networking click on Identity:


Image 12.

Here make sure, Under  (System assigned) Identity – Status is On.

Azure Function:

"A system assigned managed identity enables Azure resources to authenticate to cloud services (e.g. Azure Key Vault) without storing credentials in code. Once enabled, all necessary permissions can be granted via Azure role-based-access-control. The lifecycle of this type of managed identity is tied to the lifecycle of this resource. Additionally, each resource (e.g. Virtual Machine) can only have one system assigned managed identity." 

Save and close it.

Now Time to Grant Access Function App to Key Vault:

Open your Key Vault again -> Click on Access Policies from Left Side Menu:


Image 13.


Image 14.


Image 15.


Image 16.

Add - An Azure Function Application setting

Fom Azure Key Vault copy Secret Identifier key:


Image 17.

Now open Azure Function Configuration pane:


Image 18.


Image 19.

Click Ok to Save

Application Setting has been added.


Image 20.

Time to do code to use this application-setting key in your Function App Code in Visual Studio Code:


Image 21.

Now Publish your Code:


Image 22.

Now Check in Azure Portal:


Image 23.

Now hit URL in a Browser


Image 24.


         HOME   |   Submit Article   |   Contact Us   |   About Us   |   Terms & Condition   |   Advertise With us