Skip to main content
Version: v1.7.0

Using secret store within Azure Functions


For this feature, the following package needs to be installed:

PM > Install-Package Arcus.Security.AzureFunctions


The secret stores are configured during the initial application build-up in the Startup.cs:

using Microsoft.Azure.Functions.Extensions.DependencyInjection;using Microsoft.Extensions.Configuration;using Microsoft.Extensions.DependencyInjection;
[assembly: FunctionsStartup(typeof(Startup))]
namespace MyHttpAzureFunction{    public class Startup : FunctionsStartup    {        public override void Configure(IFunctionsHostBuilder builder)        {            builder.ConfigureSecretStore((FunctionsHostBuilderContext context, IConfiguration config, SecretStoreBuilder stores) =>            {                var keyVaultName = config["KeyVault_Name"];                stores.AddEnvironmentVariables()                      .AddAzureKeyVaultWithManagedServiceIdentity($"https://{keyVaultName}");            })        }    }}

Once the secret providers are defined, the ISecretProvider can be used as any other registered service:

using Arcus.Security.Core;
namespace Application{    public class MyHttpTrigger    {        public MyHttpTrigger(ISecretProvider secretProvider)        {        }
        [FunctionName("MyHttpTrigger")]        public async Task<IActionResult> Run(            [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,            ILogger log)        {            return new OkObjectResult("Response from function with injected dependencies.");        }    }}