CODEWITHSUNDEEP
azure-functionsazure-cosmosdb
Richard Fuller
Richard Fuller

Reputation: 474

Azure Functions, CosmosDB Trigger: How to store connection string in keyvault

The skeleton code for a CosmosDB triggered function is:

[CosmosDBTrigger(
            databaseName: "databaseName",
            collectionName: "collectionName",
            ConnectionStringSetting = "string",
            LeaseCollectionName = "leases")]

ConnectionStringSetting is limited to being an AppSetting here. I would like to go to key vault to grab this secret.

The comments for the attribute suggest that there is a way using CosmosDBOptions:

    /// Optional. A string value indicating the app setting to use as the CosmosDB connection string, if different
    /// than the one specified in the <see cref="CosmosDBOptions"/>.

but it's not clear how to use that class within the context of an Azure Function.

Is this possible?

Upvotes: 3

Views: 2008

Answers (2)

Pankaj Rawat
Pankaj Rawat

Reputation: 4573

Now the solution is available in Azure function

You can put your all keys, Secrets and Certificate into Key Vault and access via KeyValue URL (with Manage Identity). With manage Identity, you don't need to store KeyVault credential in your Azure function config.

Key Vault Secrets in Azure Function with Manage Identity

Upvotes: 3

Matias Quaranta
Matias Quaranta

Reputation: 15603

The CosmosDBOptions refers to the configuration that can be set at the host.json level.

At the moment it is not possible to set the Connection String from Azure Key Vault, but it is a feature we'd like to include.

Upvotes: 1

Related Questions