{"id":4669,"date":"2019-01-03T19:48:50","date_gmt":"2019-01-03T19:48:50","guid":{"rendered":"http:\/\/blogs.aaddevsup.xyz\/?p=4669"},"modified":"2019-08-12T21:54:31","modified_gmt":"2019-08-12T21:54:31","slug":"walkthrough-how-to-retrieve-an-azure-key-vault-secret-from-an-azure-function-app-using-client-credentials-flow-with-certificate","status":"publish","type":"post","link":"https:\/\/blogs.aaddevsup.xyz\/2019\/01\/walkthrough-how-to-retrieve-an-azure-key-vault-secret-from-an-azure-function-app-using-client-credentials-flow-with-certificate\/","title":{"rendered":"Walkthrough: how to retrieve an Azure Key Vault secret from an Azure Function App using client credentials flow with certificate"},"content":{"rendered":"

Introduction:<\/h1>\n

This post builds on the information from the previous<\/a> post and I will assume that you already have an Azure Key Vault, an AAD Application registration, and a certificate file. We will cover the following steps in this blog in order to use a certificate from an Azure Function App<\/a>:<\/p>\n

    \n
  1. Create an Azure Function App<\/li>\n
  2. Upload the certificate to the Function App<\/li>\n
  3. Configure the Function App to load the certificate file<\/li>\n
  4. Create an Azure Function to consume the certificate<\/li>\n<\/ol>\n

    Create an Azure Function App<\/h1>\n

    From the Azure Marketplace in the Azure portal, create an Azure Function App. The Hosting Plan can be either Consumption Plan or App Service Plan.<\/p>\n

    Upload the certificate to the Azure Function App<\/h1>\n

    Go to the Function App resource we just created => click on Platform features<\/strong> tab => click on SSL<\/strong> link<\/p>\n

    From the SSL blade => click on Private Certificates (.pfx)<\/strong> tab => click the Upload Certificate<\/strong> link<\/p>\n

    Go through the Certificate Upload wizard to provide a pfx file and password. Once the upload is complete, the certificate info should appear under the Private Certificate<\/strong> section<\/p>\n

    Configure the Function App to load the certificate<\/h1>\n

    From the Function App blade, click on the Application settings<\/strong> link under the Platform features<\/strong> tab<\/p>\n

    Under the Application settings section, add a new setting called WEBSITE_LOAD_CERTIFICATES<\/strong> and set its value to the certificate thumbprint. Click the Save<\/strong> button to save the new setting<\/p>\n

    Create an Azure Function<\/h1>\n

    From Visual Studio 2017, create a new Azure Functions project. If you don’t see the “Azure Functions” template, you may need to install the “Azure Functions and Web Jobs Tools” extension. See https:\/\/docs.microsoft.com\/en-us\/azure\/azure-functions\/functions-develop-vs<\/a> for more info.<\/p>\n

    For the Function trigger, I just chose Timer trigger for the purpose of this blog. You can choose any trigger you like; a trigger is just a means to invoke an Azure Function. If you have a storage account, go ahead and configure it for the Function under the Storage Account setting. The schedule setting uses a CRON expression<\/a> to define a timer schedule for the Function App. The prepopulated expression 0 *\/5 * * * *<\/b> <\/span><\/span>means that the Function is invoked every 5 minutes.<\/p>\n

    Now we need to write the code for this Function:<\/p>\n

      \n
    1. Install the following NuGet packages from the Package Manager Console:
      \n<\/span><\/span><\/span><\/li>\n<\/ol>\n

      Install-Package Microsoft.IdentityModel.Clients.ActiveDirectory<\/span>
      \n<\/span><\/span><\/p>\n

      Install-Package Microsoft.Azure.KeyVault
      \n<\/span><\/p>\n

        \n
      1. Replace the code in Function1.cs with the following code:
        \n<\/span><\/li>\n<\/ol>\n

        [gist id=”069082b4a4a2df7b0e3f9ef4ccf4498b” file=”Function1.cs”]<\/p>\n

          \n
        1. \n
          Build and publish this Azure Function to our Azure Function App by right-clicking the project name and selecting “Publish\u2026”
          \n<\/span><\/div>\n

          Note: If you have not done this already, make sure you log into Visual Studio with your Azure AD account<\/span>.
          \n<\/span><\/p>\n
          \n<\/span><\/li>\n<\/ol>\n

          Select the target to be our existing Azure Function App and click “Publish”<\/p>\n

          Select the right Azure Function App under the right Resource Group and click OK to publish<\/p>\n

          Once the publishing is finished, we should see our Function 1 appearing in the Azure portal. You can click on the “Run” button to see the output in the Logs section at the bottom.<\/p>\n

          References<\/h1>\n

          https:\/\/docs.microsoft.com\/en-us\/azure\/azure-functions\/functions-develop-vs<\/a><\/p>\n

          https:\/\/azure.microsoft.com\/en-us\/blog\/using-certificates-in-azure-websites-applications\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

          Introduction: This post builds on the information from the previous post and I will assume that you already have an Azure Key Vault, an AAD Application registration, and a certificate file. We will cover the following steps in this blog in order to use a certificate from an Azure Function App: Create an Azure Function App Upload the certificate to the Function App Configure the Function App to load certificate…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,9],"tags":[141,140,45,46],"class_list":["post-4669","post","type-post","status-publish","format-standard","hentry","category-authentication","category-key-vault","tag-function","tag-keyvault","tag-client-credential-grant","tag-client-credentials"],"_links":{"self":[{"href":"https:\/\/blogs.aaddevsup.xyz\/wp-json\/wp\/v2\/posts\/4669"}],"collection":[{"href":"https:\/\/blogs.aaddevsup.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.aaddevsup.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.aaddevsup.xyz\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.aaddevsup.xyz\/wp-json\/wp\/v2\/comments?post=4669"}],"version-history":[{"count":16,"href":"https:\/\/blogs.aaddevsup.xyz\/wp-json\/wp\/v2\/posts\/4669\/revisions"}],"predecessor-version":[{"id":5876,"href":"https:\/\/blogs.aaddevsup.xyz\/wp-json\/wp\/v2\/posts\/4669\/revisions\/5876"}],"wp:attachment":[{"href":"https:\/\/blogs.aaddevsup.xyz\/wp-json\/wp\/v2\/media?parent=4669"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.aaddevsup.xyz\/wp-json\/wp\/v2\/categories?post=4669"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.aaddevsup.xyz\/wp-json\/wp\/v2\/tags?post=4669"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}