Azure Function App using Managed Service Identity to retrieve Creds from Azure Key Vault
| # MSI Variables via Function Application Settings Variables | |
| # Endpoint and Password | |
| $endpoint = $env:MSI_ENDPOINT | |
| $endpoint | |
| $secret = $env:MSI_SECRET | |
| $secret | |
| # Vault URI to get AuthN Token | |
| $vaultTokenURI = 'https://vault.azure.net&api-version=2017-09-01' | |
| # Our Key Vault Credential that we want to retreive URI | |
| # NOTE: API Ver for this is 2015-06-01 | |
| $vaultSecretURI = 'https://<yourKeyVault>.vault.azure.net/secrets/<KeyName>/<KeyID>/?api-version=2015-06-01' | |
| # Create AuthN Header with our Function App Secret | |
| $header = @{'Secret' = $secret} | |
| # Get Key Vault AuthN Token | |
| $authenticationResult = Invoke-RestMethod -Method Get -Headers $header -Uri ($endpoint +'?resource=' +$vaultTokenURI) | |
| $authenticationResult | |
| # Use Key Vault AuthN Token to create Request Header | |
| $requestHeader = @{ Authorization = "Bearer $($authenticationResult.access_token)" } | |
| # Call the Vault and Retrieve Creds | |
| $creds = Invoke-RestMethod -Method GET -Uri $vaultSecretURI -ContentType 'application/json' -Headers $requestHeader | |
| write-output "Credential ID: " $($creds.id) | |
| write-output "Credential Value: " $($creds.value) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment