- Create a Key Vault.
- Add all configurations in Key Vault Secret.
- Set up Access configuration in Key Vault.
- Set up Access policies in Key Vault.
- Add Azure Function outbound IPs in Key Vault Networking --> Firewall.
- Create Azure Function.
- Set up Managed / User Identity.
- Create Function App Configurations using Key Vault Secret Identifier.

Create a Key Vault:
Open the Azure portal (link: Home - Microsoft Azure) and search for Key Vault.

Add all configurations in Key Vault Secret:
Secrets --> Generate / Import

Set up Access configuration in Key Vault:
Either of the following access permission models can be used:
1. Azure role-based access control (recommended)
2. Vault access policy

Set up Access policies in Key Vault:
Key Vault --> Access Policies --> Add New Access Policy:
a. Configure from template: Key & Secret Management
   i. Key Permissions: Select/Deselect (Optional)
   ii. Secret Permissions: Select the permissions required, like Get...
   iii. Certificate Permissions: Select/Deselect (Optional)
b. Select Principal: Authorize your function app to access this key vault. (Use System Managed Identity or User Managed Identity)

Add Azure Function outbound IPs in Key Vault:
Networking --> Firewall --> Add your IP address
Copy all outbound IPs from the Azure Function and add them one by one in the above firewall.

Create Function App Configurations using Key Vault Secret Identifier Reference:
1. Copy your Key Vault Secret Identifier into any text editor.
- In the same text editor, copy this setting:
@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)
- Replace the SecretUri with your copied Key Vault Secret Identifier value from the Key Vault resource.
In the Function App --> Configuration, add the secret identifier setting in Application Settings:
@Microsoft.KeyVault(SecretUri=https://comms-keyvault-uat.vault.azure.net/secrets/SbConnectionString/1a0f2a91ab114f2a8b178721c92a6447)
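
An added example, not part of the original post: a small Python check that parses the application-setting values built in the last step and flags malformed Key Vault references before they are deployed. It also accepts the VaultName/SecretName form of the reference, which goes beyond the SecretUri form shown above; the function names, the public-cloud host suffix and the sample settings are assumptions.

```python
import re
from urllib.parse import urlparse

# Whole app-setting value: @Microsoft.KeyVault(<body>)
_REF = re.compile(r"^@Microsoft\.KeyVault\((?P<body>.+)\)$")

def parse_kv_reference(value):
    """Parse a Key Vault reference string; raise ValueError if malformed."""
    m = _REF.match(value.strip())
    if not m:
        raise ValueError("not a well-formed Key Vault reference")
    body = m.group("body")
    if body.startswith("SecretUri="):
        uri = urlparse(body[len("SecretUri="):])
        host = uri.hostname or ""
        parts = [p for p in uri.path.split("/") if p]
        # Assumption: public Azure cloud; other clouds use other DNS suffixes.
        if uri.scheme != "https" or not host.endswith(".vault.azure.net"):
            raise ValueError("SecretUri must be https://<vault>.vault.azure.net/...")
        if len(parts) not in (2, 3) or parts[0] != "secrets":
            raise ValueError("path must be /secrets/<name>[/<version>]")
        vault, name = host.split(".")[0], parts[1]
        version = parts[2] if len(parts) == 3 else None
    else:
        # Alternative form: VaultName=...;SecretName=...[;SecretVersion=...]
        fields = dict(kv.split("=", 1) for kv in body.split(";") if "=" in kv)
        if "VaultName" not in fields or "SecretName" not in fields:
            raise ValueError("VaultName and SecretName are required")
        vault, name = fields["VaultName"], fields["SecretName"]
        version = fields.get("SecretVersion")
    return {"vault": vault, "secret": name, "version": version}

def audit_settings(settings):
    """Map each setting that looks like a reference to a finding string."""
    findings = {}
    for key, value in settings.items():
        if "Microsoft.KeyVault" not in value:
            continue  # plain setting, not a reference
        try:
            ref = parse_kv_reference(value)
            findings[key] = "pinned version" if ref["version"] else "latest version"
        except ValueError as err:
            findings[key] = "invalid: " + str(err)
    return findings

SAMPLE = {  # constructed sample settings; "Broken" lacks the closing parenthesis
    "Good": "@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/)",
    "Broken": "@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/",
}
```

A "pinned version" finding means the reference names one secret version and keeps resolving to it after the secret is rotated, so such settings need updating whenever a new version is created.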