Use Environemt variable-on-azure-functions
After creating a local Azure Functions environment and local Functions project on Mac(M1), I create Azure resources and deploy the Functions.
Environment settings
- MacOS Monterey 12.3, M1 Apple silicon
- Rosetta 2
1 2% uname -a Darwin xxx 21.4.0 Darwin Kernel Version 21.4.0: Mon Feb 21 20:35:58 PST 2022; root:xnu-8020.101.4~2/RELEASE_ARM64_T6000 x86_64 - pyenv 2.3.18
- Python 3.10.0
- Homebrew 4.0.20
- azure-functions-core-tools@4/4.0.5198
Local setting
Add secret and its value in local.setting.json. Note that this file should not be uploaded to git repository for securing the sensitive information. like:
|
|
Azure setting
On Azure Portal, “your function app” > “Configuration” > “New app configuration”, then add the name and value of the environmental variable.
- Name: “OPENAIAPIKEY”
- Value: “your secret”
Use environment variable
From Function app (in python), you can get by:
|
|
TBD: Read secret from KVault
I tried below steps, but it did not work so far (as of 6 June).
Especially, I wanted to try this, but my function could not read the secret from configured key vault by unknown reason.
Add role assignment to Key Vault
Without adding IAM role to use Key Vault, you cannot register the secret to the Azure.
- Azure Key Vault > Access Control(IAM)
- Select “Key Vault Secrets User”, " and “Next”
- Add a member to assign the role
- “Review and assignment”
Add secret
On Key Vault, select “Secret”, then you can add a secret.
Add identity to Functions app
- Functions > your function name (hlbfunc01 in my case)ID > System Assigned > On
- After activating system assigned, “Role Assignment”
- “Add Role Assignment” and update input below.
- Scope : Key Vault
- Subscription : “your subscription name”
- Resource: “your vault name”
- Role: “Reader”