KeyVault – Having trouble understanding where to put the keyvault URI to access the Keyvault via the Python SDK.


I'm currently tightening up some Azure functions which currently hold the connection string for blob storages in plain text in the Azure function. In order to remove the plain text element, I'm trying to call the values as secrets from KeyVault.

My first question is from the [Python SDK documentation](

# Acquire the resource URL vault_url = os.environ["KEY_VAULT_URL"] # Acquire a credential object credential = DefaultAzureCredential() 

So, they use os.environ to get the key vault URL. Does this only work locally or can I still use os.environ on an Azure function? If I can use os.environ, where do I store this value?

On top of that, I'm also using DefaultAzureCredential() - is this correct or should I be getting my credential from each function app? If I should be getting each credential, where do I get these from? I've looked in the function's Identity page to try and find an access token although couldn't find one.

Rant/problem explanation: What I'm having trouble getting is that at the moment no matter where I store the credential information, it's always in plain text somewhere. What I have currently works although the keyvault URI is in plain text and I don't know if the DefaultAzureCredential() should be passed through as opposed to a proper access token.

Thank you!

submitted by /u/MikeDoesEverything
[link] [comments]

Read more here:

Content Attribution

This content was originally published by /u/MikeDoesEverything at Microsoft Azure, and is syndicated here via their RSS feed. You can read the original post over there.

%d bloggers like this: