Mrunal

Reputation: 14128

How to bind Event hub in Azure Functions using Key Vault secret for connection string?

I have developed an Azure Function app for EventHubTrigger. Here is the basic code:

public static class MyEventHubTriggerFunction
{
    [FunctionName("MyEventHubTriggerFunction")]
    public static async Task Run([EventHubTrigger("EventHubName",
        Connection = "EventHubConnectionString")]
        string[] eventHubMessages,
        TraceWriter log,
        ExecutionContext context)
    { ... }
}

And here is my local.settings.json file:

{
  "IsEncrypted": false,
  "Values": {
    "AzureWebJobsStorage": "UseDevelopmentStorage=true",
    "AzureWebJobsDashboard": "UseDevelopmentStorage=true",
    "FUNCTIONS_WORKER_RUNTIME": "dotnet",
    "EventHubName": "<myEventHubName>",
    "EventHubConnectionString": "<myEventHubConnectionString>"
  }
}

While deploying this app, it works correctly on the machine or on Azure. Here it is a must to paste EventHubConnectionString into the JSON file.

Is there any way to fetch that value from a KeyVault secret using MSI authentication, so that it is automatically used in instantiating the EventHubTrigger instance in the Run method parameter?

I am aware of how to get a secret within function scope using KeyVaultClient, but here the function trigger Run method itself requires the connection string, hence I require a way to override that with a KeyVault secret.

Upvotes: 2

Views: 1733

Answers (2)

Ola L Martins

Reputation: 43

If anyone (like me) stumbles across this question and hasn't found this: https://medium.com/statuscode/getting-key-vault-secrets-in-azure-functions-37620fd20a0b

In short (if the link is broken):

Running locally - have the setting in local.settings.json

When moving to Azure, enter the connection string into your key vault

Finally, add the application setting (the same key as in your local.settings.json file), but enter the Key Vault URL instead of the actual connection string.

Note! The Azure Function must have permission to access the key vault. This is also described in the article.

Upvotes: 1
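
Added example, not part of the answer above or the linked article: a small Python check that the app setting named by the trigger's Connection property holds a Key Vault reference rather than a pasted connection string. It assumes settings in the name/value JSON array shape printed by `az functionapp config appsettings list`, the `@Microsoft.KeyVault(...)` reference syntax for app settings, and constructed placeholder vault, namespace and key values.

```python
import json
import re

# Key Vault reference wrapper used in App Service / Functions app settings.
_REF = re.compile(r"^@Microsoft\.KeyVault\((?P<body>.+)\)$")
# Assumption: public-cloud vault host; sovereign clouds use other suffixes.
_SECRET_URI = re.compile(
    r"^https://[A-Za-z0-9-]+\.vault\.azure\.net/secrets/[^/]+(/[^/]*)?$")
# A raw Event Hubs connection string carries the SAS key inline.
_PLAINTEXT = re.compile(r"SharedAccessKey=[^;]+", re.IGNORECASE)


def classify_setting(value):
    """Return 'keyvault-ref', 'malformed-ref', 'plaintext-secret' or 'other'."""
    value = value.strip()
    m = _REF.match(value)
    if m:
        body = m.group("body")
        if body.startswith("SecretUri="):
            ok = _SECRET_URI.match(body[len("SecretUri="):])
            return "keyvault-ref" if ok else "malformed-ref"
        parts = dict(p.split("=", 1) for p in body.split(";") if "=" in p)
        ok = parts.get("VaultName") and parts.get("SecretName")
        return "keyvault-ref" if ok else "malformed-ref"
    if value.startswith("@Microsoft.KeyVault"):
        return "malformed-ref"  # e.g. missing closing parenthesis
    return "plaintext-secret" if _PLAINTEXT.search(value) else "other"


def audit(settings_json):
    """Classify every entry of an appsettings-list style JSON array."""
    return {s["name"]: classify_setting(s["value"])
            for s in json.loads(settings_json)}


# Constructed sample; vault, namespace and key are placeholders.
SAMPLE = json.dumps([
    {"name": "EventHubName", "value": "my-hub"},
    {"name": "EventHubConnectionString", "value":
     "@Microsoft.KeyVault(SecretUri=https://example-vault.vault.azure.net"
     "/secrets/EventHubConnectionString/)"},
    {"name": "LegacyHubConnection", "value":
     "Endpoint=sb://example.servicebus.windows.net/;"
     "SharedAccessKeyName=listen;SharedAccessKey=CONSTRUCTED-PLACEHOLDER"},
    {"name": "BrokenRef", "value":
     "@Microsoft.KeyVault(SecretUri=https://example-vault.vault.azure.net"},
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```
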

brettsam

Reputation: 2792

This is not supported today. See https://github.com/Azure/azure-webjobs-sdk/issues/746.

One approach (mentioned here) is to use an ARM template for deployment and inject the key from KeyVault there.

Upvotes: 2
