
Managing API Keys for Serverless Functions with Azure KeyVault

With my team's ever-growing list of interconnected services, serverless functions, external APIs, databases, et al., we need a way to securely manage and protect all the sensitive information contained therein. This is not an uncommon use case, and in fact several high-profile breaches over the last few years involved the storage of sensitive information like API keys in source control. We'll be using Azure KeyVault to manage our sensitive keys, and today we'll look at how to connect an Azure Function to an Azure Key Vault.

Before we get started, this is going to be a zero-code demonstration. Our development environment doesn't need access to the KeyVault for you to trigger the function, even with AuthorizationLevel.Function set. We will do the setup purely in Azure, and show you how to set up role-based access. I'm going to assume you are familiar with Azure and know how to set up new services. The Microsoft documentation on this authorization scenario points at legacy access