Get the default Host Key for a Function App via the CLI

Question

I'm using the az cli and I need to retrieve the default Host Key for a given Function App.

I've tried various options under az functionapp, but none of the output seems to contain the key.

For example, the below outputs lots of information about the Function App, but not any of the Host or Function Keys.

az functionapp show --resource-group my-resource-group --name my-function-app

score 0 · Accepted Answer · answered Dec 11 '17 at 16:13

I required a Linux compatible solution, so PowerShell was out of the question. However, I was able to translat the solution provided in this answer.

TENANT="XXX"
CLIENT_ID="XXX"
CLIENT_SECRET="XXX"
SUBSCRIPTION_ID="XXX"
RESOURCE_GROUP="my-resource-group"
FUNCTION_APP_NAME="my-function-app"
API_URL="https://$FUNCTION_APP_NAME.scm.azurewebsites.net/api/functions/admin/token"
SITE_URL="https://$FUNCTION_APP_NAME.azurewebsites.net/admin/host/systemkeys/_master"

### Grab a fresh bearer access token.
ACCESS_TOKEN=$(curl -s -X POST -F grant_type=client_credentials -F resource=https://management.azure.com/ -F client_id=$CLIENT_ID -F client_secret=$CLIENT_SECRET https://login.microsoftonline.com/$TENANT/oauth2/token | jq '.access_token' -r)

### Grab the publish data for the Funciton App and output it to an XML file.
PUBLISH_DATA=$(curl -s -X POST -H "Content-Length: 0" -H "Authorization: Bearer $ACCESS_TOKEN" https://management.azure.com/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RESOURCE_GROUP/providers/Microsoft.Web/sites/$FUNCTION_APP_NAME/publishxml?api-version=2016-08-01)
echo $PUBLISH_DATA > publish_data.xml

### Grab the Kudu username and password from the publish data XML file.
USER_NAME=$(xmlstarlet sel -t -v "//publishProfile[@profileName='$FUNCTION_APP_NAME - Web Deploy']/@userName" publish_data.xml)
USER_PASSWORD=$(xmlstarlet sel -t -v "//publishProfile[@profileName='$FUNCTION_APP_NAME - Web Deploy']/@userPWD" publish_data.xml)

### Generate a JWT that can be used with the Functions Key API.
JWT=$(curl -s -X GET -u $USER_NAME:$USER_PASSWORD $API_URL | tr -d '"')

### Grab the '_master' key from the Functions Key API.
KEY=$(curl -s -X GET -H "Authorization: Bearer $JWT" $SITE_URL | jq -r '.value')

score 0 · Answer 2 · edited Mar 17 '20 at 08:58

FOR /F "tokens=* USEBACKQ" %%F IN (`CALL az rest --method post --uri "/subscriptions/{your 
subscriptionId}/resourceGroups/{yourresourcegroup}/providers/Microsoft.Web/sites/{yourfunctionname}/host/default/listKeys?api-version=2018-11-01" --query functionKeys.default --output tsv`) DO (
SET apikey=%%F
)
echo ##vso[task.setvariable variable=functionhostKey;]%apikey%

apikey gets the value and puts in variable functionhostKey

Get the default Host Key for a Function App via the CLI

2 Answers2