0
votes

I have an Azure Logic App that processes messages from a Service Bus session-based queue using the "When one or more messages arrive in a queue (peek-lock)" connector and then inserts them into a SQL Database.

Note: In the Azure Logic App, "When one or more messages arrive in a queue (peek-lock)" is the first trigger.

I want to protect the connection strings of Azure Service Bus and Azure SQL Database. For that, I used Azure Key Vault to store the connection strings of Azure Service Bus and Azure SQL Database.

I have followed this documentation to read secrets from Azure Key Vault.

But I want to use the secrets in the parameters.json file, because currently I have hardcoded the connection strings of Azure Service Bus and Azure SQL Database in the parameters.json file.

So, can anyone suggest how to read and update the secrets information in the parameters.json file of the Azure Logic App from Azure Key Vault?

1 Answer

2
votes

Azure Resource Manager templates allow parameters to be integrated with Key Vault so that secrets are pulled from it.

https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/key-vault-parameter?tabs=azure-cli

It should look like this:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "adminLogin": {
      "value": "exampleadmin"
    },
    "adminPassword": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<subscription-id>/resourceGroups/<rg-name>/providers/Microsoft.KeyVault/vaults/<vault-name>"
        },
        "secretName": "ExamplePassword"
      }
    },
    "sqlServerName": {
      "value": "<your-server-name>"
    }
  }
}

Remember to add Logic Apps secret obfuscation:

https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app#secure-data-in-run-history-by-using-obfuscation
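
A check that could run before deployment to confirm a parameters file follows the Key Vault reference pattern from the answer above. This is an added example, not part of the original answer; the secret-marker list and the parameter names and values in the sample are assumptions.

```python
import re

# Assumed heuristics: key/password fields seen in Service Bus and SQL connection strings.
SECRET_MARKERS = re.compile(
    r"(SharedAccessKey=|SharedAccessSignature=|AccountKey=|Password=|Pwd=)", re.I)
# Shape of the vault resource ID used in the answer's "keyVault.id" field.
VAULT_ID = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/Microsoft\.KeyVault/vaults/[^/]+$", re.I)

def audit_parameters(doc):
    """Return (parameter, finding) pairs for a deployment parameters document."""
    findings = []
    for name, body in doc.get("parameters", {}).items():
        if "reference" in body:
            # Key Vault reference: needs a well-formed vault ID and a secret name.
            ref = body["reference"]
            if not VAULT_ID.match(ref.get("keyVault", {}).get("id", "")):
                findings.append((name, "malformed keyVault.id"))
            if not ref.get("secretName"):
                findings.append((name, "missing secretName"))
        elif isinstance(body.get("value"), str) and SECRET_MARKERS.search(body["value"]):
            # Literal value that looks like a connection string with credentials.
            findings.append((name, "hardcoded secret in value"))
    return findings

# Constructed sample; parameter names and values are hypothetical.
VAULT = ("/subscriptions/<subscription-id>/resourceGroups/<rg-name>"
         "/providers/Microsoft.KeyVault/vaults/<vault-name>")
SAMPLE = {
    "parameters": {
        "serviceBusConnectionString": {
            "value": "Endpoint=sb://example.servicebus.windows.net/;"
                     "SharedAccessKeyName=ExamplePolicy;SharedAccessKey=CONSTRUCTED"},
        "sqlConnectionString": {
            "reference": {"keyVault": {"id": VAULT}, "secretName": "SqlConnectionString"}},
        "logicAppName": {"value": "example-logic-app"},
        "badReference": {"reference": {"keyVault": {"id": VAULT}}},
    }
}

if __name__ == "__main__":
    for name, finding in audit_parameters(SAMPLE):
        print(f"{name}: {finding}")
```

To audit a real file, load it with `json.load` and pass the resulting dictionary to `audit_parameters`.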