2

I have created an Azure Function app in Node.js version 12. My hosting environment is Windows. What is the easiest way to capture the username and password which are saved in Azure Key Vault inside my function? Also, I am using the inline code editor, so how should I capture the credentials in code?

Thanks

Vipendra Singh

1 Answer

5

The Node SDK used in the above answer is going to be deprecated and won't have new features and releases. Instead, the new versions are released here:

https://www.npmjs.com/package/@azure/keyvault-secrets

Here are the detailed steps to retrieve the secret value for your reference.

1. Enable system assigned managed identity in your function.


2. Add this service principal to the access policy of your key vault.


3. Install the dependencies to your function.

  "dependencies": {
    "@azure/identity": "^1.0.3",
    "@azure/keyvault-secrets": "^4.0.4"
  }

4. Here is my testing function code

const { DefaultAzureCredential } = require("@azure/identity");
const { SecretClient } = require("@azure/keyvault-secrets");

const keyVaultName = "tonykeyvault20190801";
const KVUri = "https://" + keyVaultName + ".vault.azure.net";

// DefaultAzureCredential can use the function's managed identity enabled in step 1.
const credential = new DefaultAzureCredential();
const client = new SecretClient(KVUri, credential);

module.exports = async function (context, req) {
    // getSecret returns a Promise, so it must be awaited.
    const retrievedSecret = await client.getSecret("username");
    const username = retrievedSecret.value;

    // Test output only: this writes the secret value to the log and the HTTP response.
    context.log(username);
    context.res = {
        body: username
    };
};

5. The execution result.


Tony Ju
  • @VipendraSingh My pleasure – Tony Ju Jun 23 '20 at 07:49
  • Hi @TonyJu, is there a way to write the same code in a synchronous function? When I write the code by removing the async keyword and the statement without 'await', like this: const retrievedSecret = client.getSecret("username"); I get the output as undefined. Is there any way to solve this? – Vipendra Singh Jun 24 '20 at 09:19
  • It was not working for me, I had to do: "Your app can’t reach the Key Vault — add your app’s IP (available under Custom domains) to your Key Vault’s firewall (under Networking)." https://medium.com/geekculture/troubleshooting-azure-key-vault-references-in-azure-function-apps-b228c1216f63 Or else we need to use a premium plan for Azure Functions, create a virtual network, attach our function to it, and add the virtual network to the Key Vault’s firewall (under Networking) – Cpp crusaders Oct 01 '21 at 04:45
  • link for virtual network: https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-vnet – Cpp crusaders Oct 01 '21 at 12:57
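
An added example, not part of the original answer or the Azure SDK: a variant of the step 4 function that reads both credentials in parallel, caches them per function instance, and keeps secret values out of logs and HTTP responses. The names `createSecretCache`, `createHandler`, `stubClient` and `work`, the secret name `password`, and the five-minute TTL are assumptions made for illustration.

```javascript
// `client` is any object with getSecret(name) -> Promise<{ value }>, as SecretClient has.
function createSecretCache(client, ttlMs = 5 * 60 * 1000, now = Date.now) {
  const cache = new Map(); // secret name -> { promise, expires }
  function get(name) {
    const hit = cache.get(name);
    if (hit && hit.expires > now()) return hit.promise;
    const promise = client.getSecret(name).then((secret) => {
      if (typeof secret.value !== "string" || secret.value === "") {
        throw new Error(`secret "${name}" has no value`);
      }
      return secret.value;
    });
    cache.set(name, { promise, expires: now() + ttlMs });
    // Never cache a failure: drop the entry so the next invocation retries.
    promise.catch(() => { if (cache.get(name)?.promise === promise) cache.delete(name); });
    return promise;
  }
  // "password" is an assumed secret name; the answer's code only reads "username".
  async function getCredentials() {
    const [username, password] = await Promise.all([get("username"), get("password")]);
    return { username, password };
  }
  return { get, getCredentials };
}

// `work` is a hypothetical callback that uses the credentials (e.g. a downstream login).
function createHandler(secrets, work) {
  return async function (context, req) {
    try {
      await work(await secrets.getCredentials());
      context.log("Key Vault credentials loaded"); // log the event, never the values
      context.res = { status: 200, body: "ok" };
    } catch (err) {
      context.log(`credential step failed: ${err.name}`); // error type only
      context.res = { status: 500, body: "credential lookup failed" };
    }
  };
}

// Constructed stand-in for SecretClient so the example runs offline.
function stubClient(values) {
  const calls = [];
  const getSecret = async (name) => {
    calls.push(name);
    if (!(name in values)) throw new Error("SecretNotFound");
    return { name, value: values[name] };
  };
  return { calls, getSecret };
}
```

In the function app, build the cache once at module scope with `createSecretCache(new SecretClient(KVUri, new DefaultAzureCredential()))` and assign the result of `createHandler(...)` to `module.exports`, so warm invocations reuse the cached values instead of calling Key Vault on every request.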