Securing the private key used by an Azure Function



I have an Azure Function that copies files from an SFTP location to Azure Blob storage. The private key / SSH key needed to establish the SFTP connection is currently part of the application settings JSON, because the solution is still limited to the PoC/dev stage.

Before I queue it up for production, I have to secure the private key mentioned above.

Is Azure Key Vault the best candidate for storing the private key, and for giving the Azure Function dynamic access to this key through AD?

Or, from an Azure PaaS perspective, is there another approach?

I personally haven't accessed secrets from Azure Key Vault from an Azure Function. So far I've found that storing secrets/keys in the Function App's application settings works well for me.

However, you may find this useful: Retrieve Azure Key Vault Secrets using Azure Functions and Managed Service Identity. Once the vault is set up correctly following the steps described on that page, you would access it from a function like the following:

using System.Net;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using System.Configuration;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Azure.KeyVault;
using Microsoft.Azure.KeyVault.Models;
using Microsoft.Azure.WebJobs.Host;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Newtonsoft.Json;

// HTTP-triggered function: the request body names a secret and the function reads it
// from Key Vault using the Function App's Managed Service Identity, so no Key Vault
// credential lives in code or app settings. Note that the response returns the secret
// value to the caller, so the endpoint itself must be tightly restricted.
public static async Task<HttpResponseMessage> Run(HttpRequestMessage req, TraceWriter log)
{
    log.Info("C# HTTP trigger function processed a request.");
    SecretRequest secretRequest = await req.Content.ReadAsAsync<SecretRequest>();
    if (secretRequest == null || string.IsNullOrEmpty(secretRequest.Secret))
        return req.CreateResponse(HttpStatusCode.BadRequest, "Request does not contain a valid Secret.");
    log.Info($"GetKeyVaultSecret request received for secret {secretRequest.Secret}");

    // AzureServiceTokenProvider obtains the token from the MSI endpoint of the Function App.
    var serviceTokenProvider = new AzureServiceTokenProvider();
    var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));
    var secretUri = SecretUri(secretRequest.Secret);
    log.Info($"Key Vault URI {secretUri} generated");

    SecretBundle secretValue;
    try
    {
        secretValue = await keyVaultClient.GetSecretAsync(secretUri);
    }
    catch (KeyVaultErrorException kex)
    {
        // Raised when the secret does not exist or the identity lacks "Get" permission on secrets.
        return req.CreateResponse(HttpStatusCode.NotFound, $"{kex.Message}");
    }
    log.Info("Secret Value retrieved from KeyVault.");

    var secretResponse = new SecretResponse { Secret = secretRequest.Secret, Value = secretValue.Value };
    return new HttpResponseMessage(HttpStatusCode.OK)
    {
        Content = new StringContent(JsonConvert.SerializeObject(secretResponse), Encoding.UTF8, "application/json")
    };
}

public class SecretRequest
{
    public string Secret { get; set; }
}

public class SecretResponse
{
    public string Secret { get; set; }
    public string Value { get; set; }
}

// Builds the secret URL from the "KeyVaultUri" application setting of the Function App,
// e.g. https://<vault>.vault.azure.net -> https://<vault>.vault.azure.net/Secrets/<name>
public static string SecretUri(string secret)
{
    return $"{ConfigurationManager.AppSettings["KeyVaultUri"]}/Secrets/{secret}";
}
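As an added example (not code from the question or the answer above), the following hypothetical helper shows the pattern the question asks about: the function app's managed identity reads the SFTP private key from Key Vault at run time, keeps it in memory only, pins the SFTP server's host key, and writes to Blob Storage with that same identity, so no key material remains in app settings. It assumes the Azure.Identity, Azure.Security.KeyVault.Secrets, Azure.Storage.Blobs and SSH.NET packages; the vault, secret and container names and the host-key parameter are placeholders.

```csharp
using System;
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using Azure.Storage.Blobs;
using Renci.SshNet;

// Hypothetical helper (added example): the managed identity fetches the SFTP private key
// from Key Vault on each run, so the key never sits in the application settings JSON.
public static class SftpToBlobCopier
{
    // Placeholder names, assumed for this example. The PEM file can be loaded into the
    // vault with: az keyvault secret set --vault-name <vault> --name sftp-private-key --file id_rsa
    private const string VaultUri = "https://<your-vault>.vault.azure.net/";
    private const string KeySecretName = "sftp-private-key";
    private const string PassphraseSecretName = "sftp-key-passphrase";  // optional second secret
    private const string ContainerUri = "https://<your-account>.blob.core.windows.net/<container>";

    public static async Task CopyAsync(string sftpHost, string sftpUser,
        string expectedHostKeyBase64, string remotePath, string blobName)
    {
        // One identity for both services: in Azure this resolves to the function app's managed identity.
        var credential = new DefaultAzureCredential();
        var secrets = new SecretClient(new Uri(VaultUri), credential);
        string pem = (await secrets.GetSecretAsync(KeySecretName)).Value.Value;
        string passphrase = null;
        try { passphrase = (await secrets.GetSecretAsync(PassphraseSecretName)).Value.Value; }
        catch (RequestFailedException ex) when (ex.Status == 404) { /* key stored without a passphrase */ }

        // Keep the key in memory only; never write it to the function host's disk.
        using var keyStream = new MemoryStream(Encoding.ASCII.GetBytes(pem));
        var keyFile = passphrase == null ? new PrivateKeyFile(keyStream) : new PrivateKeyFile(keyStream, passphrase);

        using var sftp = new SftpClient(sftpHost, 22, sftpUser, keyFile);
        // Pin the server's host key so a redirected connection cannot intercept the transfer.
        sftp.HostKeyReceived += (sender, e) =>
            e.CanTrust = Convert.ToBase64String(e.HostKey) == expectedHostKeyBase64;
        sftp.Connect();
        using var buffer = new MemoryStream();
        sftp.DownloadFile(remotePath, buffer);
        sftp.Disconnect();
        buffer.Position = 0;

        // The same managed identity needs the Storage Blob Data Contributor role on the container.
        var blob = new BlobContainerClient(new Uri(ContainerUri), credential).GetBlobClient(blobName);
        await blob.UploadAsync(buffer, overwrite: true);
    }
}
```

The identity must also be granted "Get" on secrets in the vault's access policy (or the Key Vault Secrets User role); the host-key value to pin is taken from the SFTP server's known public key, not learned on first connection.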
