Azure Functions EventHub Trigger Connection String

Question

I have a task to create eventhub trigger function and below is sample code of the trigger. "EventHubTrigger" attribute parameter "Connection" value is expected to provided from function app settings on azure but we have a requirement to read connection string from Azure Keyvault. Is it feasible ?. Appreciate you inputs around it

    public async Task Run([EventHubTrigger(eventHubName:"%EventName%", Connection = 
                     "EventHubConnectionString")] EventData[] events
                     , ExecutionContext context, ILogger log)
    {
      // Do something
    }

Answer 1

You can use a Key Vault Reference of the Secret as the Function AppSetting. To achieve it, follow the following steps:

1. Create a system-assigned Managed Identity of your Function. (Function - > Identity -> Enable System-Assigned Managed Identity)
2. Assign this Managed Identity GET access to your Key Vault in the Access Policies.
3. Create your secret and copy the secret identifier
4. Create a new AppSetting in your Function with the value @Microsoft.KeyVault(SecretUri=YOUR_SECRET_IDENTIFIER). It should look like this @Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/ec96f02080254f109c51a1f14cdb1931)
5. If you see a green checkmark next to the AppSetting, it was resolved correctly.

For more information, see https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references