Are function/host keys directly available inside an Azure Function written in Python?

Question

When writing an Azure Function in Python, I would expect to be able to access the host and function keys from the environment. Is this possible? All the examples I've seen do it by calling a get request, which seems like a lot of code to access something that I've set through the website.

This question is very similar, but not language specific.

AFAIK To support programmatic key management, the host exposes a key management AP and API is the only way of getting function and host key. API keys are persisted, encrypted, on the file system under D:\home\data\Functions\secrets, in files matching the function name for function level keys, and a file named host.json for the host level keys. — Mohit Verma, Nov 15 '19 at 09:03

Peter Pan · Answer 1 · 2019-11-19T10:09:11.083

It sounds like you want to get the response of the Host API admin/host/keys of Azure Functions as below, so please refer to Azure Functions wiki page Key management API

Here is my sample code.

# App Credentials, to get it see the figures below
username = "<your username like `$xxxxx`>"
password = "<your password>"

functionapp_name = "<your function app name>"
api_url = f"https://{functionapp_name}.scm.azurewebsites.net/api"
site_url = f"https://{functionapp_name}.azurewebsites.net"

import base64
import requests

auth_info = f"{username}:{password}"

base64_auth = base64.b64encode(str.encode(auth_info)).decode()
print(base64_auth)

jwt_resp = requests.get(f"{api_url}/functions/admin/token", headers={"Authorization": f"Basic {base64_auth}"})
jwt = jwt_resp.text.replace("\"", "", -1)
print(jwt)

keys_resp = requests.get(f"{site_url}/admin/host/keys", headers={"Authorization": f"Bearer {jwt}"})
print(keys_resp.text)

It works and its result as below.

For getting the username and password of App Credentials, please see the figures below.

Fig 1. On Azure portal, open the Platform features tab of your Function App and click the Deployment Center link

Fig 2. Select the FTP option in the first step of SOURCE CONTROL and click the Dashboard button to copy the values of Username and Password, but just use the part of Username with $ prefix as username variable in my script. Ofcouse, you also can use them in tab User Credentials tab.

Also, you can refer to my answer for the similar SO thread Unable to access admin URL of Azure Functions using PowerShell, and my figures below come from that.

Update: For using Azure Function for Python in container, please refer to the figure below to get the deployment credentials.

Thanks for the thorough answer. I'm writing a python function, and therefore by deployment is via the VS Code tools, which leads to it being containerised. Which means that under Code Deployment i only get Container settings, which is greyed out. Does any of that change the way I should be doing this? — Ben, Nov 19 '19 at 05:33

Are function/host keys directly available inside an Azure Function written in Python?

1 Answers1

Linked