Azure Function App using Managed Service Identity to retrieve Creds from Azure Key Vault
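# Retrieve a secret from Azure Key Vault from inside an Azure Function App,
# authenticating with the app's Managed Service Identity (MSI).
#
# Security note: the MSI secret, the access token and the Key Vault secret
# value are all credentials. Whatever this script writes to the output stream
# is typically captured in the Function's logs, so none of them are echoed.

# MSI endpoint and secret, read from the MSI_ENDPOINT and MSI_SECRET
# environment variables of the Function App.
$endpoint = $env:MSI_ENDPOINT
$secret = $env:MSI_SECRET
if ([string]::IsNullOrEmpty($endpoint) -or [string]::IsNullOrEmpty($secret)) {
    # Fail early with a clear message instead of sending a malformed token request.
    throw 'MSI_ENDPOINT and/or MSI_SECRET are not set for this Function App.'
}

# Resource to request an AuthN token for (Key Vault), plus the token API version.
# The api-version is appended here so it becomes part of the token request query string.
$vaultTokenURI = 'https://vault.azure.net&api-version=2017-09-01'

# URI of the Key Vault secret we want to retrieve.
# NOTE: API version for this call is 2015-06-01.
$vaultSecretURI = 'https://<yourKeyVault>.vault.azure.net/secrets/<KeyName>/<KeyID>/?api-version=2015-06-01'

# AuthN header carrying the Function App's MSI secret.
$header = @{'Secret' = $secret}

# Request a Key Vault access token from the local MSI endpoint.
# The response contains a bearer token, so it is deliberately not written to output.
$authenticationResult = Invoke-RestMethod -Method Get -Headers $header -Uri ($endpoint + '?resource=' + $vaultTokenURI) -ErrorAction Stop
if ([string]::IsNullOrEmpty($authenticationResult.access_token)) {
    throw 'The MSI endpoint did not return an access token.'
}

# Build the request header for Key Vault from the access token.
$requestHeader = @{ Authorization = "Bearer $($authenticationResult.access_token)" }

# Call the vault and retrieve the secret.
$creds = Invoke-RestMethod -Method GET -Uri $vaultSecretURI -ContentType 'application/json' -Headers $requestHeader -ErrorAction Stop

# Report which secret was fetched. $creds.value holds the secret itself: pass it
# straight to whatever needs it rather than printing it.
Write-Output "Credential ID: " $($creds.id)
Write-Output "Credential Value: retrieved (not displayed)"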