0

I am supporting an Azure Function someone wrote in C# in .NET Core 2.2.4. The function app is connecting to a database using a SQL Server account, and username and password are hardcoded in the connection string at the moment. We want to use Azure Keyvault now so that we don't have the password in the connection string.

Here is the connection with hardcode username and password in local.setting.json file:

"SQLConnectionString":"Server=tcp:xxxx-sql.database.windows.net,1433;Initial Catalog=abc-db;Persist Security Info=False;User ID=xxxx;Password=xxxxxx;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
os2499
  • 43
  • 5

1 Answers1

0

If your Username and Password are in KeyVault Secrets then You should give access to use the secrets as below reference:

enter image description here

enter image description here

enter image description here

In configuration section Of function app Click on Add Application Setting and Then type password and then below code

@Microsoft.KeyVault(SecretUri=https://mykeyvaultname.vault.azure.net/secrets/mysecretname/)

enter image description here

Then codes for using inside Azure Function are reference1 and reference2.

RithwikBojja
  • 5,069
  • 2
  • 3
  • 7
  • I installed microsoft.Data.sqlClient libraries and updated the connection string to use Authentication=Active Directory Integrated" . I am getting error message System.ArgumentException: Keyword not supported: 'authentication'. – os2499 Mar 08 '23 at 16:40
  • I installed microsoft.Data.sqlClient libraries and updated the connection string to use Authentication=Active Directory Integrated" . I am getting error message System.ArgumentException: Keyword not supported: 'authentication'. In order to use username and password from key vault, do I need to make other changes as you had pointed in references? Can we not just change the connection string to connect to database? Username and password secrets do have necessary access policy setup in keyvault as you had mentioned. – os2499 Mar 08 '23 at 16:47
  • Try using this ```Server=tcp:.database.windows.net,1433;Initial Catalog=;Authentication=Active Directory Integrated;Key Vault Secret=;Secret Name= ``` – RithwikBojja Mar 10 '23 at 09:40