Reading Secrets from Key Vault

Time
1 hour
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:01
Every application needs to have some configuration.
00:05
Quite often this configuration includes secrets like passwords or keys for access to databases or other systems.
00:13
Azure Functions have integration with Azure Key Vault, which makes reading configuration secrets very easy.
00:22
Let's see how we can do that.
00:26
Now, the first thing we'll do is we'll go and create a secret in Azure Key Vault.
00:32
I have already created a Key Vault resource that is completely empty. Let's go in and create a new secret.
00:40
So you click on the Key Vault, and on the left side you select Secrets.
00:47
I will generate
00:48
a completely new secret. I will name it Cybrary
00:53
Example Secret,
00:57
and I will put the value as "This is my secret".
01:03
The secret will be enabled. I'll click on Create. And now we have a secret which is stored under the name Cybrary Example Secret in Azure Key Vault.
01:17
Now let's go back to our function app
01:22
and inside the function app
01:26
we'll need to do some configuration.
01:32
What we will do is create the so-called managed service identity,
01:38
again. This is done on the level of the function app, which means all the functions inside this function app will use the same identity.
01:49
You click on Platform features and you click on Identity.
01:55
Right now the identity is off.
01:57
If I click On
01:59
and the Save button,
02:01
a new identity will be created for my function.
02:07
Let's say OK, and after a few minutes this identity will be created and it will be added to Azure Active Directory.
02:15
This is the ID that I can use
02:20
to grant access to this identity to different resources. Let's copy this ID
02:27
and we will go back to Azure
02:30
Key Vault.
02:32
In the Key Vault, we need to change the access policies in order to allow our Azure function to read the secret.
02:42
Let's click on Azure access policies and we'll add a new policy.
02:49
For our particular case, the only thing we need to do is be able to get a secret, so we will select the minimum
02:58
only requirements for our application to function.
03:02
Then we need to select the principal. In our case, the principal will be our function, or we can use the ID that we copied.
03:13
So this is our Cybrary function for the Azure Functions course.
03:16
We'll select this one,
03:20
click Select,
03:22
then we'll add it.
03:23
And of course, we should not forget to click the Save button
03:28
to save this configuration.
03:30
Now our application, the Cybrary function, will be able to get secrets from this Key Vault.
03:40
Now let's go and test that. We'll need to write a little bit of code in our function.
03:46
I will keep the Key Vault open because we'll need some information from it.
03:51
And I opened our function in a different tab.
03:58
One of the things that we need to do is we need to create some environment configuration for our function.
04:05
The way the integration with Azure Key Vault works is that
04:10
you can set the secret as an environment variable for the function.
04:17
So let's say we go and click on Configuration,
04:25
and in the configuration we'll add a new application setting,
04:30
and we'll call this application setting, like, Secret
04:36
Configuration.
04:40
The value for the secret configuration has a specific format that we will use.
04:47
The format is the following:
04:49
@Microsoft.KeyVault(SecretUri=, and the secret URI is the URI of the Key Vault, slash secrets, slash the name of the secret. Let's go get that from the Key Vault.
05:08
So if you go to the overview,
05:10
you will see the URI for the Key Vault. We can copy this one.
05:15
Go back, paste it here. We'll write secrets.
05:19
And then we need to get the secret name, which was
05:26
Cybrary Example Secret.
05:29
So we'll have Cybrary
05:30
Example
05:32
Secret.
05:34
And we need to close
05:38
the parentheses.
05:40
Let's save this configuration,
05:44
and you will see
05:46
that
05:46
now the secret configuration
05:50
is marked as a Key Vault value.
05:55
Let me refresh this.
06:01
Yep, I'm sure that I want to refresh.
06:06
You see that this value is a Key Vault reference.
06:11
Let's go put in a few lines of code and test our configuration.
06:15
And now, in our function,
06:18
we will go and just
06:20
read the configuration as a plain environment variable.
06:26
In order to do that, we just need to write
06:30
two lines of code.
06:31
I'll write string secret
06:35
equals
06:38
System.Environment.GetEnvironmentVariable, and the name of our environment variable was secret configuration.
06:47
I'll just close it
06:49
and
06:50
instead of printing the agent, as we used to do in the past, let's just print the secret.
07:00
Let's save and run.
07:08
And as you can see, we were able to pull
07:11
the secret out of the Key Vault. So this is the text that we wrote in the secret.
07:19
Now you know how you can read secrets for your configuration in Azure Functions.
07:27
Let's wrap up our module and the whole course.