Resolving Azure Function Key Vault secrets in local development

Comment(0)

When using the @Microsoft.KeyVault(SecretUri=...) syntax for App Service configuration in Azure Functions, these settings are not resolved when debugging locally.

The following script resolves such secret references to their values. After verifying the output file local.settings.tmp, overwrite local.settings.json with it.

cat local.settings.json \
  | jq -r  '.Values[]|select(startswith("@"))|match("SecretUri=(.*)\\)").captures[0].string' \
  | sort -u | xargs -n1 az keyvault secret show --id  > secrets.tmp \
  && jq -s 'map( { ("@Microsoft.KeyVault(SecretUri="+.id+")"):.value} ) | add ' secrets.tmp > secrets.map.tmp \
  && jq --argjson s "$(<secrets.map.tmp)" '.Values|=map_values(.=$s[.|sub(":443";"")] // .)' local.settings.json > local.settings.tmp \
&& mv local.settings.tmp local.settings.json
Software Engineer at Microsoft, Data & AI, open source fan

Related Articles

cloudarchitected

Updating Variable Groups from an Azure DevOps pipeline

We often need a permanent data store across Azure DevOps pipelines, for scenarios such as: Passing variables from one stage to the next in a multi-stage release pipeline. Any variables defined in a task are only propagated to tasks in the same stage. Storing state between pipeline runs, for example a blue/green deployment release pipeline […]

Using Azure AD with the Azure Databricks API

In the past, the Azure Databricks API has required a Personal Access Token (PAT), which must be manually generated in the UI. This complicates DevOps scenarios. A new feature in preview allows using Azure AD to authenticate with the API. You can use it in two ways: Use Azure AD to authenticate each Azure Databricks […]

Computing total storage size of a folder in Azure Data Lake Storage Gen2

Until Azure Storage Explorer implements the Selection Statistics feature for ADLS Gen2, here is a code snippet for Databricks to recursively compute the storage size used by ADLS Gen2 accounts (or any other type of storage). The code is quite inefficient as it runs in a single thread in the driver, so if you have […]