Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Azure Function App using Managed Service Identity to retrieve Creds from Azure Key Vault
# MSI Variables via Function Application Settings Variables
# Endpoint and Password
$endpoint = $env:MSI_ENDPOINT
$endpoint
$secret = $env:MSI_SECRET
$secret
# Vault URI to get AuthN Token
$vaultTokenURI = 'https://vault.azure.net&api-version=2017-09-01'
# Our Key Vault Credential that we want to retreive URI
# NOTE: API Ver for this is 2015-06-01
$vaultSecretURI = 'https://<yourKeyVault>.vault.azure.net/secrets/<KeyName>/<KeyID>/?api-version=2015-06-01'
# Create AuthN Header with our Function App Secret
$header = @{'Secret' = $secret}
# Get Key Vault AuthN Token
$authenticationResult = Invoke-RestMethod -Method Get -Headers $header -Uri ($endpoint +'?resource=' +$vaultTokenURI)
$authenticationResult
# Use Key Vault AuthN Token to create Request Header
$requestHeader = @{ Authorization = "Bearer $($authenticationResult.access_token)" }
# Call the Vault and Retrieve Creds
$creds = Invoke-RestMethod -Method GET -Uri $vaultSecretURI -ContentType 'application/json' -Headers $requestHeader
write-output "Credential ID: " $($creds.id)
write-output "Credential Value: " $($creds.value)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.