Accessing to Key Vault from Azure Functions with Managed Identity
|
public class AppModule : Module |
|
{ |
|
public override void Load(IServiceCollection services) |
|
{ |
|
var azureServiceTokenProvider = new AzureServiceTokenProvider(); |
|
var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); |
|
|
|
services.AddSingleton<IKeyVaultClient>(kv); |
|
... |
|
} |
|
} |
|
public class GetSecretFunction : FunctionBase<ILogger>, IGetSecretFunction |
|
{ |
|
private readonly IKeyVaultClient _kv; |
|
... |
|
|
|
public GetSecretFunction(AppSettings settings, IMapper mapper, IKeyVaultClient kv) |
|
{ |
|
this._kv = kv ?? throw new ArgumentNullException(nameof(kv)); |
|
... |
|
} |
|
|
|
public override async Task<TOutput> InvokeAsync<TInput, TOutput>(TInput input, FunctionOptionsBase options = null) |
|
{ |
|
... |
|
var secret = await this._kv |
|
.GetSecretAsync("https://my-keyvault.vault.azure.net/", "[secret key]") |
|
.ConfigureAwait(false); |
|
... |
|
} |
|
} |
|
var provider = new AzureServiceTokenProvider(); |
|
var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(provider.KeyVaultTokenCallback)); |
|
|
|
var secret = await kv.GetSecretAsync("https://my-keyvault.vault.azure.net", "[secret key]") |
|
.ConfigureAwait(false); |
/appmodule.cs
Created