Resolving Azure Function Key Vault secrets in local development

When using the @Microsoft.KeyVault(SecretUri=...) syntax for App Service configuration in Azure Functions, these settings are not resolved when debugging locally.

The following script resolves such secret references to their values. After verifying the output file local.settings.tmp, overwrite local.settings.json with it.

cat local.settings.json \
  | jq -r  '.Values[]|select(startswith("@"))|match("SecretUri=(.*)\\)").captures[0].string' \
  | sort -u | xargs -n1 az keyvault secret show --id  > secrets.tmp \
  && jq -s 'map( { ("@Microsoft.KeyVault(SecretUri="")"):.value} ) | add ' secrets.tmp > \
  && jq --argjson s "$(<" '.Values|=map_values(.=$s[.|sub(":443";"")] // .)' local.settings.json > local.settings.tmp \
&& mv local.settings.tmp local.settings.json
Software Engineer at Microsoft, Data & AI, open source fan