azure - keyVaultClient - get a secret

Question

Welcome To Ask or Share your Answers For Others

azure - keyVaultClient - get a secret

asked Jan 27, 2021 in Technique[技术] by 深蓝 (71.8m points)

azure - keyVaultClient - get a secret

I am using Azure function to do an action, in this action I need to get a secret from a keyvault. I am using this code in order to get the secret

 var azureServiceTokenProvider = new AzureServiceTokenProvider();
 var keyVaultClient = new KeyVaultClient((authority, resource, scope) => azureServiceTokenProvider.GetAccessTokenAsync(resource));

var secret= await keyVaultClient.GetSecretAsync($"https://{KeyVaultName}.vault.azure.net/", "SecretName");

When I run it locally it's work but when I run the function in azure I am getting an error "Forbidden" How can I get the secret from a keyVault inside my azure function?

Thanks!

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-01-27T03:51:26+0000

Forbidden might indicate that the identity assumed by the Azure Function does not have access rights over the specific Azure Key Vault.

From the Azure Portal or via CLI/API, head into the relevant Azure Key Vault resource -> Access Policies -> Add Access Policy -> Assign the Azure Function identity with the following permissions:

Secret List
Secret Get

Categories

azure - keyVaultClient - get a secret

azure - keyVaultClient - get a secret

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags