Azure Key Vault 可以与 Functions 一起使用来存储队列触发器的连接字符串吗? [英] Can Azure Key Vault be used with Functions to store the connection string for queue triggers?

问题描述

我能够在函数应用中使用 Key Vault

3.然后就可以正常工作了.

I was able to use the Key Vault inside a function app as described here but when I tried to use the Key Vault to hold the connection string of a function with a queue trigger I have issues with the storage account connection string. The function seems to find the parameter I provide but either doesn't get the secret back or doesn't like the information when it throws the error No valid combination of account information found.

My function is defined as:

        [FunctionName("ReadQueueForMessage")]
        public static async Task Run([QueueTrigger("%AzureQueueTrigger%", Connection = "AzureWebJobsStorage")] string myQueueItem,
            Binder binderinputblob,
            ILogger log)

This works fine if I just define the connection string in my local.settings.json. What I'm trying to do is instead of just putting the connection string in the json file, I want to point the function to the Key Vault with this syntax:

"AzureWebJobsStorage": "@Microsoft.KeyVault(SecretUri=https://myappkeyvault.vault.azure.net/secrets/myapp-AzureWebJobsStorage-Queue/the-guid-of-secret)",

I did go to the Key Vault and update the access policies to include the function app so it can read/list the secrets. The documentation here shows making an update to the configuration after it was deployed to Azure. I'm trying to test first in Visual Studio. Maybe that is the issue? Or is it not possible at all to use the secret in this manner?

解决方案

I'm trying to test first in Visual Studio.

For now using Azure Key Vault references with Azure Functions does not support to work on local, as confirmed by Azure Functions team. If you still want to test on local, you could implemented an incomplete local workaround like this issue.

I test on portal and it works well. You could refer to the following steps as below：

1.In VS Function.cs, then publish to azure：

 public static void Run([QueueTrigger("queue", Connection = "AzureWebJobsStorage")]string myQueueItem, TraceWriter log)
 {
     log.Info($"C# Queue trigger function processed: {myQueueItem}");
     string connectionString = System.Environment.GetEnvironmentVariable("AzureWebJobsStorage");
     log.Info($"The connection string is {connectionString}");
 }

2.Set AzureWebJobsStorage on Appsettings setting on portal.

3.Then it will work fine.

这篇关于Azure Key Vault 可以与 Functions 一起使用来存储队列触发器的连接字符串吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！