Snippets

Resolving Azure Function Key Vault secrets in local development

When using the @Microsoft.KeyVault(SecretUri=...) syntax for App Service configuration in Azure Functions, these settings are not resolved when debugging locally.

The following script resolves such secret references to their values. After verifying the output file local.settings.tmp, overwrite local.settings.json with it.

cat local.settings.json | jq -r  '.Values[]|select(startswith("@"))|match("SecretUri=(.*)\)").captures[0].string' | sort -u | xargs -n1 az keyvault secret show --id  > secrets.tmp
jq -s 'map( { ("@Microsoft.KeyVault(SecretUri="+.id+")"):.value} ) |add ' secrets.tmp > secrets.map.tmp
jq --argjson s "$(<secrets.map.tmp)" '.Values|=map_values(.=$s[.] // .)' local.settings.json > local.settings.tmp 
Alexandre Gattiker
Software Engineer at Microsoft, Data & AI, open source fan
https://cloudarchitected.com

Leave a Reply

Your email address will not be published. Required fields are marked *