Search code examples
azure-functionsazure-storageconnection-stringazure-managed-identityazure-durable-functions

How to use ManagedIdentity in Azure Function storage account connection string

I have an Azure Function that is using durable functions:

local.settings.json

"Values": {
  "AzureWebJobsStorage": "UseDevelopmentStorage=true",
  "DurableFunctionsStorageConnectionString": "UseDevelopmentStorage=true"
}

host.json

"extensions": {
        "durableTask": {
            "storageProvider": {
                "connectionStringName": "DurableFunctionsStorageConnectionString"
            }
        }
    }

Instead of using connection string with an access key in Azure environment, I would like to use a managed identity and give it access. Is there a version of the connection string that is supported that can use managed identity?

This is an example of a similar access for SignalR connection string:

Endpoint={signalr_service_endpoint};AuthType=aad;Version=1.0;

It's even better if there is a possibility for DefaultAzureCredential from Azure.Identity, but it will suffice for me to "turn on" Managed Identity.

P.S. I am not looking on how to connect to a storage account in my code, but how to make Azure Function infrastructure to do it for the accounts that it needs.

Solution

  • Thanks to useful comments by @Thomas, I figured out that:

    1. It is possible to do for ordinary storage account by providing this variable:

      AzureWebJobsStorage__accountName: the value is just the name of storage account. Documentation here.

    2. It is not possible for Durable functions yet. See this issue.