Function App getting key vault secret
using System; | |
using Microsoft.Azure.WebJobs; | |
using Microsoft.Azure.WebJobs.Host; | |
using Microsoft.Azure.KeyVault; | |
using Microsoft.IdentityModel.Clients.ActiveDirectory; | |
using System.Threading.Tasks; | |
using System.Security.Cryptography.X509Certificates; | |
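namespace KeyVaulfFunc
{
    /// <summary>
    /// Timer-triggered Azure Function that authenticates to Azure AD with a client
    /// certificate and reads a single secret from Azure Key Vault.
    /// </summary>
    public static class Function1
    {
        // Sample placeholders: the Azure AD application (client) ID and the thumbprint of
        // the certificate registered on that application. The thumbprint is an identifier,
        // not a secret, but both values are normally supplied through app settings rather
        // than compiled into the assembly.
        // NOTE(review): a thumbprint pasted from the Windows certificate dialog can carry an
        // invisible leading character, which makes the store lookup below return nothing.
        private const string applicationId = "Your Application ID";
        private const string cerificateThumbprint = "You certificate thumbprint";

        /// <summary>
        /// Runs every five minutes, fetches the configured secret from Key Vault and
        /// reports that the retrieval succeeded without writing the secret to the log.
        /// </summary>
        /// <param name="myTimer">Timer trigger information supplied by the Functions host.</param>
        /// <param name="log">Trace writer supplied by the Functions host.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown from the authentication callback when no certificate with the configured
        /// thumbprint is present in the CurrentUser\My store.
        /// </exception>
        [FunctionName("Function1")]
        public async static Task Run([TimerTrigger("0 */5 * * * *")]TimerInfo myTimer, TraceWriter log)
        {
            log.Info($"C# Timer trigger function executed at: {DateTime.Now}");

            // KeyVaultClient invokes this callback whenever it needs a bearer token.
            var keyVaultClient = new KeyVaultClient(async (authority, resource, scope) =>
            {
                // A null token cache is passed, so this context keeps no cached tokens.
                var authenticationContext = new AuthenticationContext(authority, null);

                X509Certificate2 certificate;
                X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                try
                {
                    store.Open(OpenFlags.ReadOnly);

                    // validOnly: false also returns expired or untrusted (for example
                    // self-signed) certificates; the thumbprint is the only selector.
                    // NOTE(review): on App Service / Functions the certificate is only loaded
                    // into this store when the WEBSITE_LOAD_CERTIFICATES app setting lists it.
                    X509Certificate2Collection certificateCollection =
                        store.Certificates.Find(X509FindType.FindByThumbprint, cerificateThumbprint, false);

                    if (certificateCollection == null || certificateCollection.Count == 0)
                    {
                        log.Error("Certificate not installed in the store");
                        throw new InvalidOperationException("Certificate not installed in the store");
                    }

                    certificate = certificateCollection[0];
                }
                finally
                {
                    store.Close();
                }

                // The certificate's private key signs the client assertion sent to Azure AD.
                var clientAssertionCertificate = new ClientAssertionCertificate(applicationId, certificate);
                var result = await authenticationContext.AcquireTokenAsync(resource, clientAssertionCertificate);

                // The access token is a bearer credential: return it, never log it.
                return result.AccessToken;
            });

            // No version segment is given in the identifier.
            var secretIdentifier = "https://blogkv123.vault.azure.net/secrets/SQLPassword/";
            var secret = await keyVaultClient.GetSecretAsync(secretIdentifier);

            // Fix: the original wrote secret.Value into the function log, which copies the
            // SQL password into log storage readable by anyone with access to the logs.
            // Record only that the retrieval worked.
            var hasValue = !string.IsNullOrEmpty(secret.Value);
            log.Info($"Key Vault secret retrieved (value present: {hasValue}); the value is not logged.");
        }
    }
}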
using System; | |
using Microsoft.Azure.WebJobs; | |
using Microsoft.Azure.WebJobs.Host; | |
using Microsoft.Azure.KeyVault; | |
using Microsoft.IdentityModel.Clients.ActiveDirectory; | |
using System.Threading.Tasks; | |
using System.Security.Cryptography.X509Certificates; | |
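namespace KeyVaulfFunc
{
    /// <summary>
    /// Timer-triggered Azure Function that reads one secret from Azure Key Vault,
    /// authenticating to Azure AD with a certificate from the current user's store.
    /// </summary>
    public static class Function1
    {
        // Azure AD application (client) ID and the thumbprint of the certificate registered
        // for it; the real values are elided in this listing.
        private const string applicationId = "...";
        private const string cerificateThumbprint = "...";

        /// <summary>
        /// Runs every five minutes and retrieves the configured secret from Key Vault.
        /// Only the outcome of the retrieval is logged, never the secret value.
        /// </summary>
        /// <param name="myTimer">Timer trigger information supplied by the Functions host.</param>
        /// <param name="log">Trace writer supplied by the Functions host.</param>
        /// <exception cref="InvalidOperationException">
        /// Thrown during token acquisition when the certificate is missing from the store.
        /// </exception>
        [FunctionName("Function1")]
        public async static Task Run([TimerTrigger("0 */5 * * * *")]TimerInfo myTimer, TraceWriter log)
        {
            log.Info($"C# Timer trigger function executed at: {DateTime.Now}");

            // KeyVaultClient calls back into AcquireTokenAsync each time it needs a token.
            var keyVaultClient = new KeyVaultClient(
                async (authority, resource, scope) => await AcquireTokenAsync(authority, resource, log));

            var secretIdentifier = "https://blogkv123.vault.azure.net/secrets/SQLPassword/";
            var secret = await keyVaultClient.GetSecretAsync(secretIdentifier);

            // Fix: the original logged secret.Value, leaking the SQL password into the
            // function's log output. Log the outcome only.
            if (string.IsNullOrEmpty(secret.Value))
            {
                log.Warning("Key Vault returned an empty value for the requested secret.");
            }
            else
            {
                log.Info("Key Vault secret retrieved; the value is not logged.");
            }
        }

        // Finds the client certificate by thumbprint in CurrentUser\My, or throws if absent.
        private static X509Certificate2 FindClientCertificate(TraceWriter log)
        {
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            try
            {
                store.Open(OpenFlags.ReadOnly);

                // validOnly is false, so expired or untrusted (for example self-signed)
                // certificates are returned as well; the thumbprint alone selects the cert.
                X509Certificate2Collection matches =
                    store.Certificates.Find(X509FindType.FindByThumbprint, cerificateThumbprint, false);

                if (matches == null || matches.Count == 0)
                {
                    log.Error("Certificate not installed in the store");
                    throw new InvalidOperationException("Certificate not installed in the store");
                }

                return matches[0];
            }
            finally
            {
                // Runs on both the success and the failure path.
                store.Close();
            }
        }

        // Exchanges a certificate-signed client assertion for an Azure AD access token.
        private static async Task<string> AcquireTokenAsync(string authority, string resource, TraceWriter log)
        {
            // A null token cache is passed, so this context keeps no cached tokens.
            var authenticationContext = new AuthenticationContext(authority, null);
            var clientAssertionCertificate =
                new ClientAssertionCertificate(applicationId, FindClientCertificate(log));

            var result = await authenticationContext.AcquireTokenAsync(resource, clientAssertionCertificate);

            // The access token is a bearer credential: hand it to the caller, do not log it.
            return result.AccessToken;
        }
    }
}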