
@bachoang bachoang/Function1.cs Secret
Last active Jan 3, 2019

Function App getting key vault secret
using System;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Host;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System.Threading.Tasks;
using System.Security.Cryptography.X509Certificates;
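namespace KeyVaulfFunc
{
    /// <summary>
    /// Timer-triggered Azure Function that authenticates to Azure AD with a client
    /// certificate and reads a single secret from Azure Key Vault.
    /// </summary>
    public static class Function1
    {
        // Placeholders: the Azure AD application (client) ID and the thumbprint of the
        // certificate registered for that application. Neither is a secret on its own,
        // but reading them from app settings avoids a redeploy when the certificate is rotated.
        private const string applicationId = "Your Application ID";
        private const string cerificateThumbprint = "You certificate thumbprint";

        /// <summary>
        /// Runs on the timer schedule, fetches the configured secret and logs that the
        /// retrieval succeeded. The secret value itself is never written to the log.
        /// </summary>
        /// <param name="myTimer">Timer trigger information supplied by the Functions runtime.</param>
        /// <param name="log">Trace writer used for diagnostic output.</param>
        /// <exception cref="Exception">
        /// Thrown from the authentication callback when no certificate with the configured
        /// thumbprint is found in the CurrentUser\My store.
        /// </exception>
        [FunctionName("Function1")]
        public async static Task Run([TimerTrigger("0 */5 * * * *")]TimerInfo myTimer, TraceWriter log)
        {
            log.Info($"C# Timer trigger function executed at: {DateTime.Now}");

            // The callback is invoked by KeyVaultClient whenever it needs a bearer token.
            var keyVaultClient = new KeyVaultClient(async (authority, resource, scope) =>
            {
                var authenticationContext = new AuthenticationContext(authority, null);
                X509Certificate2 certificate;

                // NOTE(review): on App Service / Functions the certificate presumably only shows up
                // in this store when it is listed in the WEBSITE_LOAD_CERTIFICATES app setting - confirm.
                X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                try
                {
                    store.Open(OpenFlags.ReadOnly);

                    // validOnly is false, so a certificate that fails chain validation (for example a
                    // self-signed one) is still returned. The thumbprint match is the only local check;
                    // Azure AD decides whether the credential is accepted.
                    X509Certificate2Collection certificateCollection = store.Certificates.Find(X509FindType.FindByThumbprint, cerificateThumbprint, false);
                    if (certificateCollection == null || certificateCollection.Count == 0)
                    {
                        log.Info("Certificate not installed in the store");
                        throw new Exception("Certificate not installed in the store");
                    }

                    certificate = certificateCollection[0];
                }
                finally
                {
                    store.Close();
                }

                var clientAssertionCertificate = new ClientAssertionCertificate(applicationId, certificate);
                var result = await authenticationContext.AcquireTokenAsync(resource, clientAssertionCertificate);

                // The access token is a bearer credential: hand it back to the client, never log it.
                return result.AccessToken;
            });

            var secretIdentifier = "https://blogkv123.vault.azure.net/secrets/SQLPassword/";
            var secret = await keyVaultClient.GetSecretAsync(secretIdentifier);

            // Fix: the original wrote secret.Value into the function log, which copies the
            // credential into every log sink and to everyone with log read access.
            // Log only which secret was read; use secret.Value in memory where it is needed.
            log.Info($"Retrieved secret from {secretIdentifier} (value intentionally not logged)");
        }
    }
}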
using System;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Host;
using Microsoft.Azure.KeyVault;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System.Threading.Tasks;
using System.Security.Cryptography.X509Certificates;
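namespace KeyVaulfFunc
{
    /// <summary>
    /// Timer-triggered Azure Function that uses certificate-based Azure AD authentication
    /// to read one secret from Azure Key Vault.
    /// </summary>
    public static class Function1
    {
        // Azure AD application (client) ID and the thumbprint of its registered certificate.
        // Values are elided in this listing; prefer app settings over compiled-in constants
        // so that certificate rotation does not require a rebuild.
        private const string applicationId = "...";
        private const string cerificateThumbprint = "...";

        /// <summary>
        /// Fetches the configured Key Vault secret on each timer tick and records that the
        /// call succeeded without writing the secret value to the log.
        /// </summary>
        /// <param name="myTimer">Timer trigger information supplied by the Functions runtime.</param>
        /// <param name="log">Trace writer used for diagnostic output.</param>
        /// <exception cref="Exception">
        /// Thrown from the authentication callback when the certificate with the configured
        /// thumbprint is not present in the CurrentUser\My store.
        /// </exception>
        [FunctionName("Function1")]
        public async static Task Run([TimerTrigger("0 */5 * * * *")]TimerInfo myTimer, TraceWriter log)
        {
            log.Info($"C# Timer trigger function executed at: {DateTime.Now}");

            // KeyVaultClient calls this delegate when it needs a token for the vault resource.
            var keyVaultClient = new KeyVaultClient(async (authority, resource, scope) =>
            {
                var authenticationContext = new AuthenticationContext(authority, null);
                X509Certificate2 certificate;
                X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
                try
                {
                    store.Open(OpenFlags.ReadOnly);

                    // The final argument (validOnly) is false: certificates that do not pass chain
                    // validation are returned too, so only the thumbprint is checked locally.
                    X509Certificate2Collection certificateCollection = store.Certificates.Find(X509FindType.FindByThumbprint, cerificateThumbprint, false);
                    if (certificateCollection == null || certificateCollection.Count == 0)
                    {
                        log.Info("Certificate not installed in the store");
                        throw new Exception("Certificate not installed in the store");
                    }

                    certificate = certificateCollection[0];
                }
                finally
                {
                    // Always release the store handle, including on the not-found path.
                    store.Close();
                }

                var clientAssertionCertificate = new ClientAssertionCertificate(applicationId, certificate);
                var result = await authenticationContext.AcquireTokenAsync(resource, clientAssertionCertificate);

                // Bearer token: returned to the Key Vault client only, never logged.
                return result.AccessToken;
            });

            var secretIdentifier = "https://blogkv123.vault.azure.net/secrets/SQLPassword/";
            var secret = await keyVaultClient.GetSecretAsync(secretIdentifier);

            // Fix: do not interpolate secret.Value into the log. Function logs are retained and
            // readable by operators who should not see the credential, so log the identifier only.
            log.Info($"Retrieved secret from {secretIdentifier} (value intentionally not logged)");
        }
    }
}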