Keyvault environmental variable reference support #90

Open
Perks-of-Being-a-Cauliflower opened this issue Nov 19, 2024 · 6 comments
Labels
investigating investigating if this is a bug or feature

Perks-of-Being-a-Cauliflower commented Nov 19, 2024

Is your feature request related to a problem? Please describe.
Keyvault reference support. I would like to reference the key vault values exactly the same as if I were creating a function app on an app service plan in the environmental variables.

This is the error I got when I tried:
"Key Vault References are currently not supported for Functions on ACA. Please provide another value."

Describe the solution you'd like
I have sensitive keys/secrets that are stored in an Azure keyvault. I want to reference these values in a secure way by referencing the keyvault in the function app environment variables, e.g. '@Microsoft.KeyVault(VaultName=keyVaultFullName;SecretName=KeyvaultSecretName)'
https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli

Describe alternatives you've considered
Going to look into a Dapr secret store as an alternative or referencing key vault in the code. Not sure if managed identity is used at code level.

Additional context
I appreciate the error message being very explicit as to the issue.
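
An added example, not part of the original post or of the project's code: a small Python check that parses the `@Microsoft.KeyVault(...)` reference syntax quoted above and classifies app settings, so a review can see which settings are references and which still hold literal values. It also accepts the `SecretUri=` form and the optional `SecretVersion` field from the linked App Service documentation; the function names and all sample values are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Whole setting value must be: @Microsoft.KeyVault(<key=value;key=value...>)
_REF = re.compile(r"^@Microsoft\.KeyVault\((?P<body>[^()]*)\)$")

def parse_keyvault_reference(value):
    """Return the reference fields as a dict, or None if not a well-formed reference."""
    m = _REF.match(value.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        key, sep, val = part.partition("=")
        if not sep or not val.strip():
            return None  # a field without a value is malformed
        fields[key.strip()] = val.strip()
    keys = set(fields)
    if keys == {"SecretUri"}:
        uri = urlparse(fields["SecretUri"])
        ok = uri.scheme == "https" and uri.path.startswith("/secrets/")
        return fields if ok else None
    required, optional = {"VaultName", "SecretName"}, {"SecretVersion"}
    if required <= keys <= required | optional:
        return fields
    return None

def audit_settings(settings):
    """Classify each setting as 'reference', 'malformed-reference' or 'literal'."""
    report = {}
    for name, value in settings.items():
        if parse_keyvault_reference(value):
            report[name] = "reference"
        elif "Microsoft.KeyVault" in value:
            report[name] = "malformed-reference"  # looks like a reference but will not resolve
        else:
            report[name] = "literal"  # value stored directly in the setting
    return report

# Constructed sample settings; vault, secret and setting names are placeholders.
SAMPLE = {
    "DbPassword": "@Microsoft.KeyVault(VaultName=keyVaultFullName;SecretName=KeyvaultSecretName)",
    "ApiKey": "@Microsoft.KeyVault(SecretUri=https://example-vault.vault.azure.net/secrets/ApiKey/)",
    "Broken": "@Microsoft.KeyVault(VaultName=keyVaultFullName)",
    "StorageKey": "constructed-plaintext-value",
}

if __name__ == "__main__":
    print(audit_settings(SAMPLE))
```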

@Perks-of-Being-a-Cauliflower Perks-of-Being-a-Cauliflower changed the title Keyvault environmenta variable reference support Keyvault environmental variable reference support Nov 19, 2024

aloiva commented Nov 20, 2024

Hi @Perks-of-Being-a-Cauliflower, could you please provide details about which location you've faced the error in, name of the app/resource id? Functions on ACA currently supports Managed Identity as well as Key vault references. It could be that you're trying to create the resource in a region where Functions on Container Apps is not supported. I suggest trying out a different region. You can find the list of supported regions here: https://aka.ms/functionacaregions. Please look for regions supported by Azure Container Apps.

@raorugan raorugan added the investigating investigating if this is a bug or feature label Nov 20, 2024
@raorugan
Collaborator

@Perks-of-Being-a-Cauliflower - appreciate your response here. Else you can drop me a note to - [email protected]

@Perks-of-Being-a-Cauliflower
Author

Sorry for the delayed response. The container/function app was created in Australia East, and the key vault is in Australia South-East (VNETs are peered). The portal had Australia East as an option, so I just assumed that it was supported when I was creating the bicep. I can't see Azure Container Apps in the list you provided so perhaps it's just not supported despite being available in the portal.

Collaborator

raorugan commented Dec 2, 2024

Hi @Perks-of-Being-a-Cauliflower, Functions on Azure Container Apps is supported in Australia East. Are you still seeing this issue?

Collaborator

raorugan commented Dec 2, 2024

Can you email us the resource id and time the error occurred as this is not expected behaviour?

@Perks-of-Being-a-Cauliflower
Author

I don't have the original resource because I had to change to a Flex Consumption plan Function app due to time constraints. I will try to dig out the original code from source control.

I did suspect that AustraliaEast was supported. I just double-checked the documentation, and the line that mentions Keyvault references through environment variables not being supported is no longer there, so I wonder if support has now been added.

I might try and do another deployment in my own time if/when I find the original code. My understanding was that the subnet delegation didn't allow for VNET-integrated function apps to access the keyvault via environmental variables but perhaps that has been fixed.
