Azure Function App using Managed Service Identity to retrieve Creds from Azure Key Vault
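# Retrieve a secret from Azure Key Vault from inside an Azure Function App,
# authenticating with the app's Managed Service Identity (MSI).
#
# Security note: MSI_SECRET and the bearer token returned by the MSI endpoint
# are credentials. This script does not write either of them to the output
# stream, since anything a function writes to output can end up in its logs.

# MSI endpoint and secret are read from the Function App's environment variables
$endpoint = $env:MSI_ENDPOINT
$endpoint
$secret = $env:MSI_SECRET

# Fail early with a clear message when the MSI settings are missing,
# instead of sending a request with an empty URI or an empty Secret header.
if ([string]::IsNullOrEmpty($endpoint) -or [string]::IsNullOrEmpty($secret)) {
    throw 'MSI_ENDPOINT and/or MSI_SECRET are not set; check that Managed Service Identity is enabled for this Function App.'
}

# Resource (Key Vault) and API version appended to the MSI endpoint to request an AuthN token
$vaultTokenURI = 'https://vault.azure.net&api-version=2017-09-01'

# URI of the Key Vault secret we want to retrieve
# NOTE: API version for this call is 2015-06-01
$vaultSecretURI = 'https://<yourKeyVault>.vault.azure.net/secrets/<KeyName>/<KeyID>/?api-version=2015-06-01'

# The MSI endpoint authenticates the caller via the Function App secret in the 'Secret' header
$header = @{'Secret' = $secret}

# Request a Key Vault access token from the MSI endpoint.
# The response is deliberately not echoed: it contains the bearer token.
$authenticationResult = Invoke-RestMethod -Method Get -Headers $header -Uri ($endpoint +'?resource=' +$vaultTokenURI)
if (-not $authenticationResult.access_token) {
    throw 'The MSI endpoint did not return an access token.'
}

# Use the Key Vault access token as a Bearer token on the request to the vault
$requestHeader = @{ Authorization = "Bearer $($authenticationResult.access_token)" }

# Call the vault and retrieve the secret
$creds = Invoke-RestMethod -Method GET -Uri $vaultSecretURI -ContentType 'application/json' -Headers $requestHeader
write-output "Credential ID: " $($creds.id)

# NOTE(review): this prints the secret value itself and is kept only to show the
# retrieval worked. In real use, hand $creds.value to the code that needs it
# and remove this line so the secret is not written to function output.
write-output "Credential Value: " $($creds.value)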