Reputation: 346
Using Azure Key vault on Azure Logic App API Connection
I have used Azure Key vault on Azure Logic App. But I couldn't access the values to Azure Logic APP API Connection. Basically I have to get the username and password for SQL connector from Azure Key vault. Apprecait if you can suggest, how we can achieve this.
Upvotes: 2
Views: 5045
Answers (2)
Reputation: 29791
Once created the connection API will not output any sensitive information.
Using ARM template, you can create an API connection but it won't update the connection details when you rotate the credentials, you'll have to redeploy the template.
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"sqlConnectionAPIName": {
"type": "string",
"metadata": {
"description": "The name of the connection api to access the service bus namepsace."
}
},
"sqlserverName": {
"type": "string",
"metadata": {
"description": "The Name of the SQL Server instance."
}
},
"databaseName": {
"type": "string",
"metadata": {
"description": "The name of the database."
}
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Web/connections",
"name": "[parameters('sqlConnectionAPIName')]",
"apiVersion": "2018-07-01-preview",
"location": "[resourceGroup().location]",
"scale": null,
"properties": {
"displayName": "[parameters('sqlConnectionAPIName')]",
"parameterValues": {
"server": "[reference(resourceId('Microsoft.Sql/servers', parameters('sqlserverName')), '2015-05-01-preview').fullyQualifiedDomainName]",
"database": "[parameters('databaseName')]",
"username": "[reference(resourceId('Microsoft.Sql/servers', parameters('sqlserverName')), '2015-05-01-preview').administratorLogin]",
"password": "[reference(resourceId('Microsoft.Sql/servers', parameters('sqlserverName')), '2015-05-01-preview').administratorLoginPassword]"
},
"api": {
"id": "[concat('subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/sql')]"
}
},
"dependsOn": []
}
]
}
Upvotes: 1
Reputation: 15754
As far as I know, azure logic app can't access key vault in api connection in portal. If you want to access key vault, you can use rest api to access it. You need to enable msi in your logic app (the link below shows us we can do msi modification in "Workflow Settings" but currently it has changed we need to enable it in "Identity" blade of your logic app) and use http action to access your key vault.
You can refer to this link for further information: https://devkimchi.com/2018/10/24/accessing-key-vault-from-logic-apps-with-managed-identity/
Upvotes: 1
Related Questions
- Get a certificate from Azure Key Vault in Logic App
- Failed to edit Key Vault API connection
- Azure Key Vault with Logic app, but empty Event section
- How to create Api connection to Azure KeyVault for Logic App with Managed Identity
- Azure key vault in logic app to encrypt or decrypt files
- Application setting of Key vault reference missing in logicapp
- Can I pass an Azure Key Vault Secret to an SFTP connector in an Azure Logic App?
- How can I create API connection to Azure KeyVault when deploying Logic App from ARM template in DevOps
- Azure Logic App: How do I call a stored proc using a connection string from a Vault secret
- How to use keyvault for service bus connection string inside logic app