0
votes

I am looking to deploy an Azure Function using Terraform, in the same way as described in the MS docs: https://docs.microsoft.com/en-us/azure/azure-functions/deployment-zip-push

One of my needs is to store the Storage SAS key in Key Vault. I have seen some examples where the setting below is used, but I can't use the SAS key without storing it in Key Vault.

WEBSITE_RUN_FROM_ZIP = "https://${azurerm_storage_account.this.name}.blob.core.windows.net/${azurerm_storage_container.this.name}/${azurerm_storage_blob.this.name}${data.azurerm_storage_account_sas.this.sas}"

Any suggestion?

Thank you !

1
What have you done and what error do you get? - Charles Xu
One of my needs is to just use Key Vault to store the SAS key, and the SAS key should not be visible in the configuration. - Prakash
Did you solve the problem or are you still working on it? - Charles Xu

1 Answer

0
votes

For this requirement, you can use the Key Vault reference to get the secrets to the Azure Function like this:

@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/mysecret/ec96f02080254f109c51a1f14cdb1931)

Or

@Microsoft.KeyVault(VaultName=myvault;SecretName=mysecret;SecretVersion=ec96f02080254f109c51a1f14cdb1931)

But this only supports system-assigned managed identities. So you need to enable the system-assigned managed identity and assign the right role for the Key Vault to it. Here are more details.
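
One way to wire the answer's Key Vault reference into the question's Terraform configuration, as an added example that is not part of the original question or answer. It assumes `azurerm_resource_group.this`, `azurerm_service_plan.this` and `azurerm_key_vault.this` are defined elsewhere, that the vault uses access policies rather than Azure RBAC, and that the platform resolves Key Vault references for this app setting; the resource names and labels are constructed.

```hcl
# Added example. Assumed to exist elsewhere in the configuration:
# azurerm_resource_group.this, azurerm_service_plan.this, azurerm_key_vault.this,
# plus the storage resources and SAS data source from the question.

# Store the full package URL (blob URL + SAS token) as a Key Vault secret,
# so the SAS never appears in the Function App's visible configuration.
resource "azurerm_key_vault_secret" "package_url" {
  name         = "function-package-url" # constructed name
  key_vault_id = azurerm_key_vault.this.id
  value        = "https://${azurerm_storage_account.this.name}.blob.core.windows.net/${azurerm_storage_container.this.name}/${azurerm_storage_blob.this.name}${data.azurerm_storage_account_sas.this.sas}"
}

resource "azurerm_linux_function_app" "this" {
  name                       = "example-func" # constructed name
  resource_group_name        = azurerm_resource_group.this.name
  location                   = azurerm_resource_group.this.location
  service_plan_id            = azurerm_service_plan.this.id
  storage_account_name       = azurerm_storage_account.this.name
  storage_account_access_key = azurerm_storage_account.this.primary_access_key

  # System-assigned managed identity, as the answer requires.
  identity {
    type = "SystemAssigned"
  }

  app_settings = {
    # The setting holds only a reference; the platform fetches the secret at runtime.
    WEBSITE_RUN_FROM_ZIP = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault_secret.package_url.id})"
  }

  site_config {}
}

# Least privilege: the function's identity may only read secrets.
resource "azurerm_key_vault_access_policy" "function" {
  key_vault_id       = azurerm_key_vault.this.id
  tenant_id          = azurerm_linux_function_app.this.identity[0].tenant_id
  object_id          = azurerm_linux_function_app.this.identity[0].principal_id
  secret_permissions = ["Get"]
}
```

The SAS token is still written to the Terraform state file in plain text (both the data source output and the secret value), so the state backend needs the same access controls as the vault.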