0
votes

I have used Azure Key Vault in an Azure Logic App, but I couldn't access the values in the Azure Logic App API connection. Basically, I have to get the username and password for the SQL connector from Azure Key Vault. I would appreciate it if you can suggest how we can achieve this.

2
Actually, the API connection will not store any sensitive information inside it once it is created, so you can put your name, password, etc. directly into it. - Joy Wang-MSFT
@JoyWang yes. From a security point of view, it is correct. But I would like to do this because if I change the credentials of SQL, it will auto refresh in the Logic App - Inzi
Are you interested in a solution that uses an ARM template? But it won't auto refresh the logic app if you change the credentials. - Thomas
OK. @Thomas let me know the ARM templates - Inzi

2 Answers

0
votes

As far as I know, an Azure Logic App can't access Key Vault in an API connection in the portal. If you want to access Key Vault, you can use the REST API to access it. You need to enable MSI in your logic app (the link below shows that we can do the MSI modification in "Workflow Settings", but this has since changed and we now need to enable it in the "Identity" blade of your logic app) and use an HTTP action to access your key vault.

You can refer to this link for further information: https://devkimchi.com/2018/10/24/accessing-key-vault-from-logic-apps-with-managed-identity/
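The HTTP action described in this answer could look like the following in the workflow definition. This is an added example, not part of the original answer or the linked post; `<vault-name>`, `<secret-name>` and the action name `Get_SQL_password` are placeholders, and it assumes the logic app's managed identity has been granted the Get permission on secrets in the vault. The `secureData` setting keeps the returned secret out of the run history.

```json
{
  "Get_SQL_password": {
    "type": "Http",
    "inputs": {
      "method": "GET",
      "uri": "https://<vault-name>.vault.azure.net/secrets/<secret-name>?api-version=7.0",
      "authentication": {
        "type": "ManagedServiceIdentity",
        "audience": "https://vault.azure.net"
      }
    },
    "runAfter": {},
    "runtimeConfiguration": {
      "secureData": {
        "properties": [
          "outputs"
        ]
      }
    }
  }
}
```

Later actions can read the secret with the expression `body('Get_SQL_password')?['value']`.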

0
votes

Once created, the connection API will not output any sensitive information.
Using an ARM template, you can create an API connection, but it won't update the connection details when you rotate the credentials; you'll have to redeploy the template.

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "sqlConnectionAPIName": {
      "type": "string",
      "metadata": {
        "description": "The name of the connection api to access the service bus namespace."
      }
    },
    "sqlserverName": {
      "type": "string",
      "metadata": {
        "description": "The Name of the SQL Server instance."
      }
    },
    "databaseName": {
      "type": "string",
      "metadata": {
        "description": "The name of the database."
      }
    }
  },
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Web/connections",
      "name": "[parameters('sqlConnectionAPIName')]",
      "apiVersion": "2018-07-01-preview",
      "location": "[resourceGroup().location]",
      "scale": null,
      "properties": {
        "displayName": "[parameters('sqlConnectionAPIName')]",
        "parameterValues": {
          "server": "[reference(resourceId('Microsoft.Sql/servers', parameters('sqlserverName')), '2015-05-01-preview').fullyQualifiedDomainName]",
          "database": "[parameters('databaseName')]",
          "username": "[reference(resourceId('Microsoft.Sql/servers', parameters('sqlserverName')), '2015-05-01-preview').administratorLogin]",
          "password": "[reference(resourceId('Microsoft.Sql/servers', parameters('sqlserverName')), '2015-05-01-preview').administratorLoginPassword]"
        },
        "api": {
          "id": "[concat('subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Web/locations/', resourceGroup().location, '/managedApis/sql')]"
        }
      },
      "dependsOn": []
    }
  ]
}