Azure Function With Managed Identity and Key Vault References

I had a few requests from my last article on how to remove all references of the access key from the application settings. Let’s take a look at how to achieve this.

When you provision a new Azure Function, it creates two app settings that each embed a storage account access key in a connection string:

WEBSITE_CONTENTAZUREFILECONNECTIONSTRING

AzureWebJobsStorage

We can rip out AzureWebJobsStorage and replace it with the identity-based settings (AzureWebJobsStorage__blobServiceUri, AzureWebJobsStorage__queueServiceUri and AzureWebJobsStorage__tableServiceUri) pointing at the correct Azure Gov endpoints, but what about WEBSITE_CONTENTAZUREFILECONNECTIONSTRING? That setting points at an Azure file share, and Azure Files does not support identity-based connections, so the setting still needs the key. What we can do is move the connection string into an Azure Key Vault, replace the app setting with a Key Vault reference, and let the function's managed identity read the secret from the vault. The key is still a shared secret, but it no longer sits in the app settings, and the vault gives you access logging and a single place to rotate it. I am not going to reinvent the wheel, as Microsoft has published an article on how to do this manually: https://learn.microsoft.com/en-us/azure/azure-functions/functions-identity-based-connections-tutorial

What I did do was make it a bit more automated because doing this manually is a pain.

  1. Clone https://github.com/jrudley/miFunction
  2. Edit the ps variables in the ps1 file
  3. Edit the location where to read and write the files in the script (lines 22,29,31,38)
  4. Run the script

This will swap out the values that are required to do what that webpage does manually. It will also update the required app settings and role assignments (the identity needs to read secrets in the vault and Storage Blob Data Owner on the host storage account) once deployed. After this is running, you can add your functions to the app and reference my other article on how to use managed identities from them. You can target the storage account provisioned or create a new storage account and go that route. Do note, this is written for Azure Government, so update the endpoints in the JSON file if you are in the commercial cloud. Cheers!
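For readers who want to see the individual steps rather than run the repo's script, here is the same conversion written against an existing function app with the Az PowerShell modules (Az.Functions, Az.KeyVault, Az.Storage, Az.Resources). This is an added example, not the miFunction script and not Microsoft's tutorial code; the resource names, the secret name `content-share-connection` and the resource group are placeholders, and it assumes you are already signed in with `Connect-AzAccount -Environment AzureUSGovernment` and the vault uses the RBAC permission model.

```powershell
# Added example: move the storage key out of the function's app settings.
# Placeholder names below; change them for your environment.
$rg       = 'rg-functions'
$funcName = 'func-mi-demo'
$storage  = 'stfuncmidemo'
$vault    = 'kv-func-mi-demo'
# Azure Government DNS suffixes. Commercial cloud: core.windows.net / vault.azure.net
$storageSuffix = 'core.usgovcloudapi.net'
$vaultSuffix   = 'vault.usgovcloudapi.net'

# 1. Turn on the system-assigned identity and capture its principal id.
$app = Update-AzFunctionApp -ResourceGroupName $rg -Name $funcName -IdentityType SystemAssigned
$principalId = $app.IdentityPrincipalId

# 2. Put the Azure Files connection string in Key Vault. It is still a shared key;
#    the vault keeps it out of app settings and gives you audit logs and rotation.
$key = (Get-AzStorageAccountKey -ResourceGroupName $rg -Name $storage)[0].Value
$connStr = "DefaultEndpointsProtocol=https;AccountName=$storage;AccountKey=$key;EndpointSuffix=$storageSuffix"
Set-AzKeyVaultSecret -VaultName $vault -Name 'content-share-connection' `
    -SecretValue (ConvertTo-SecureString $connStr -AsPlainText -Force) | Out-Null

# 3. Least privilege: read secrets in this vault only, own blobs on the host account only.
$vaultId   = (Get-AzKeyVault -VaultName $vault -ResourceGroupName $rg).ResourceId
$storageId = (Get-AzStorageAccount -ResourceGroupName $rg -Name $storage).Id
New-AzRoleAssignment -ObjectId $principalId -RoleDefinitionName 'Key Vault Secrets User' -Scope $vaultId
New-AzRoleAssignment -ObjectId $principalId -RoleDefinitionName 'Storage Blob Data Owner' -Scope $storageId

# 4. Replace the key-bearing settings.
#    Content share: Key Vault reference (no version in the URI, so rotating the secret
#    needs no app change). Host storage: identity-based __*ServiceUri settings.
$secretUri = "https://$vault.$vaultSuffix/secrets/content-share-connection"
Remove-AzFunctionAppSetting -ResourceGroupName $rg -Name $funcName -AppSettingName 'AzureWebJobsStorage'
Update-AzFunctionAppSetting -ResourceGroupName $rg -Name $funcName -AppSetting @{
    'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING' = "@Microsoft.KeyVault(SecretUri=$secretUri)"
    # The platform cannot validate the share through a Key Vault reference at save time.
    'WEBSITE_SKIP_CONTENTSHARE_VALIDATION'     = '1'
    'AzureWebJobsStorage__blobServiceUri'      = "https://$storage.blob.$storageSuffix"
    'AzureWebJobsStorage__queueServiceUri'     = "https://$storage.queue.$storageSuffix"
    'AzureWebJobsStorage__tableServiceUri'     = "https://$storage.table.$storageSuffix"
}

# 5. Verify: no app setting may still contain the account key.
$settings = Get-AzFunctionAppSetting -ResourceGroupName $rg -Name $funcName
$leaks = $settings.GetEnumerator() | Where-Object { $_.Value -like "*$key*" }
if ($leaks) { throw "Access key still present in: $($leaks.Name -join ', ')" }
Write-Host "Done. Restart the app and check the Key Vault reference resolves in Configuration."
```

If the vault uses the legacy access-policy model instead of RBAC, swap the Key Vault Secrets User assignment for `Set-AzKeyVaultAccessPolicy -VaultName $vault -ObjectId $principalId -PermissionsToSecrets get`. After a key rotation, re-run step 2; because the reference has no secret version, the app picks up the new value on its next refresh without an app-settings change.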
