Skip to content

Instantly share code, notes, and snippets.

Created September 19, 2017 00:34
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save darrenjrobinson/4067578f3883457456cfc2cee8ca7243 to your computer and use it in GitHub Desktop.
Azure Function App using Managed Service Identity to retrieve Creds from Azure Key Vault
# MSI Variables via Function Application Settings Variables
# Endpoint and Password
$endpoint = $env:MSI_ENDPOINT
$secret = $env:MSI_SECRET
# Vault URI to get AuthN Token
$vaultTokenURI = ''
# Our Key Vault Credential that we want to retreive URI
# NOTE: API Ver for this is 2015-06-01
$vaultSecretURI = 'https://<yourKeyVault><KeyName>/<KeyID>/?api-version=2015-06-01'
# Create AuthN Header with our Function App Secret
$header = @{'Secret' = $secret}
# Get Key Vault AuthN Token
$authenticationResult = Invoke-RestMethod -Method Get -Headers $header -Uri ($endpoint +'?resource=' +$vaultTokenURI)
# Use Key Vault AuthN Token to create Request Header
$requestHeader = @{ Authorization = "Bearer $($authenticationResult.access_token)" }
# Call the Vault and Retrieve Creds
$creds = Invoke-RestMethod -Method GET -Uri $vaultSecretURI -ContentType 'application/json' -Headers $requestHeader
write-output "Credential ID: " $($
write-output "Credential Value: " $($creds.value)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment