Azure Function App using the latest version of a Key Vault secret via Application Settings
I have a Linux Function App running on Consumption Plan that is using a Key Vault Reference in the Application Settings to retrieve and use a secret stored in an Azure Key Vault.
This works fine so far.
However, we have to change that secret every day (i.e. create a new version of that secret in the Key Vault and set an activation date for that secret) and would like to have the Function App automatically retrieve and use the new version as soon as it's activated without having to manually change the Key Vault reference to the new version of the secret.
Is this currently possible and how can this be achieved?
This is currently not possible.
https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references
Versions are currently required. When rotating secrets, you will need to update the version in your application configuration.
Restarting your function will not help you in any way, since rotating the secret means that you also create a new version of the secret. This is probably also why it is not supported at the moment. AppService does not get notified when a new version is available, and you probably don't want your AppService to restart automatically when you update a secret in KeyVault.
You either need to fetch the latest active secret manually in your function code, or update the reference via some other method. I would probably prefer the first method, since it can work without having to restart your AppService.
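As an added example (not code from the original post or from Microsoft's documentation), this is one way to do the first option the answer mentions: resolve the currently active version inside the function code on each read, honouring the activation date. The names `VersionInfo`, `pick_active_version` and `fetch_latest_active_secret` are hypothetical; the sketch assumes the `azure-keyvault-secrets` and `azure-identity` packages and that the SDK returns timezone-aware UTC datetimes.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, Optional


@dataclass
class VersionInfo:
    """Constructed stand-in carrying the same fields as the SDK's SecretProperties."""
    version: str
    enabled: bool
    not_before: Optional[datetime]   # activation date set during rotation
    expires_on: Optional[datetime]
    created_on: datetime


def pick_active_version(versions: Iterable, now: Optional[datetime] = None):
    """Return the newest version that is enabled, already activated and not expired."""
    now = now or datetime.now(timezone.utc)
    usable = [
        v for v in versions
        if v.enabled
        and (v.not_before is None or v.not_before <= now)
        and (v.expires_on is None or v.expires_on > now)
    ]
    if not usable:
        # Fail closed rather than fall back to a disabled or future version.
        raise LookupError("no active secret version")
    # Latest activation wins; versions without an activation date use creation time.
    return max(usable, key=lambda v: (v.not_before or v.created_on, v.created_on))


def fetch_latest_active_secret(vault_url: str, name: str) -> str:
    """Read the active value at call time, so no app setting change or restart is needed."""
    # Imported lazily: only required when running with access to the vault.
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient

    client = SecretClient(vault_url=vault_url, credential=DefaultAzureCredential())
    chosen = pick_active_version(client.list_properties_of_secret_versions(name))
    return client.get_secret(name, version=chosen.version).value
```

The Function App's identity needs List as well as Get permission on secrets for the version listing to succeed.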