How to pass secrets downloaded from Azure KeyVault as parameters to an Azure Function?

Question

In an Azure release pipeline, I'm trying to download a password stored as a secret in an Azure KeyVault, and then pass that password as a parameter when invoking an Azure app function.

I've created a release pipeline in Azure that contains 3 tasks; the first two are run on an agent:

1. Deploy an Azure Function App
2. Download secrets from an Azure Key Vault.

The final task is run as an agentless job:

3. Invoke Azure Function

The name of the secret that I'm downloading is e-password.

In the Query parameters when invoking the Azure function, I've added the following:

`password=$(e-password)`

I would expect the value of the secret downloaded from the Key Vault to be substituted, but instead the URL called turns out as:

`https://<my app's name>.azurewebsites.net/api/HttpTrigger?password=$(e-password)`

where the value of e-password is not substituted.

Answer 1

This seems to be possible now. If you are using YAML Pipeline for your Build and Release, you can look at my configuration here.

Answer 2

There is no way to share a variable between the agent phases. Please follow up this topic.

The workaround for this issue is that, you can create a Variable group which links the secrets from an Azure key vault as variables,and then link the Variable group in your pipeline. After that, you can use the varaible in your url parameter.

Here is my job log.