Wednesday, March 24, 2021

Azure Function Managed Identities and Key Vault Access Policy (Chicken Egg Situation)

Just wondering whether there is a way to store storage account connection strings in Key Vault that a function uses. The function is reliant on WEBSITE_CONTENTAZUREFILECONNECTIONSTRING and AzureWebJobsStorage. I am trying to add these into Key Vault, but the problem I have is:

  1. Provision Storage Account
  2. Provision Key Vault
  3. Provision Function App
  4. Add Access Policy for Function to Key Vault

The problem here is, when the function app is created (step 3) it fails as it can't access key vault (missing access policy). I can't create the policy as the function needs to exist.

How have others fixed this? I was thinking of creating the AD Application upfront (step 0) and not using managed identities (which is not ideal).

https://stackoverflow.com/questions/66779512/azure-function-managed-identities-and-key-vault-access-poilcy-chicken-egg-situa March 24, 2021 at 06:53PM
