How to use properly Azure app configuration with key vault reference in a function app?

Question

I have a problem with the Azure app configuration - key vault reference. Currently, I have an app configuration key (FunctionApp:Replication:Regions) with many values (asia, we, sae).So the connection is one to many. I added key-vault reference to each value. But the problem is that I don't know how to read the data from the function app, to get the value in the key vault.

Currently, I am using two services:

ConfigurationClient - To get the all values in one key.

IConfigurationRefresher to refresh the app configuration, to get the latest changes that are made, without the need of a function restart.

Example (StorageService):

private readonly ConfigurationClient _client;
private readonly IConfigurationRefresher _configurationRefresher;

public StorageService(ConfigurationClient client, IConfigurationRefresherProvider refresherProvider)
        {
            _client = client,
            _configurationRefresher = refresherProvider.Refreshers.First();
        }

SettingSelector settingSelector = new SettingSelector()
            {
                KeyFilter = "FunctionApp:Replication:Regions"
            };

var regions = _client.GetConfigurationSettings(settingSelector).ToList();

Example (Startup):

public override void Configure(IFunctionsHostBuilder builder){
    ConfigurationClient appConfigurations = new 
    ConfigurationClient(appConfigurationsConnectionString);

    builder.Services.AddSingleton<ConfigurationClient>(appConfigurations);

}

public override void ConfigureAppConfiguration(IFunctionsConfigurationBuilder builder)
       {
           builder.ConfigurationBuilder.AddAzureAppConfiguration(options =>
           {
               options.Connect(Environment.GetEnvironmentVariable("ConnectionString")).Select("FunctionApp:*").ConfigureRefresh(refreshOptions =>
               {
                   refreshOptions.Register("FunctionApp:Replication:Regions", refreshAll: true);
               });
           });
       }  

When i try to get the values - var regions = _client.GetConfigurationSettings(settingSelector).ToList(); , it returns this :

{"uri":"https://appconfigurationkeyvalut.vault.azure.net/secrets/tableasia"},

{"uri":"https://appconfigurationkeyvalut.vault.azure.net/secrets/tablewe"},

{"uri":"https://appconfigurationkeyvalut.vault.azure.net/secrets/tablesea"}

And i dont know how to get the value from the key vault. Any ideas ?

Answer 1

1. In Azure App Configuration, follow this doc and create key vault references for the following keys:
   • FunctionApp:Replication:Regions:Asia
   • FunctionApp:Replication:Regions:We
   • FunctionApp:Replication:Regions:Sea
2. Follow this doc and create an Azure Function. Note that you shouldn't use ConfigurationClient. It will not resolve the key vault reference for you. The Microsoft.Extensions.Configuration.AzureAppConfiguration library will resolve the key vault reference and make secret values available in IConfiguration.
3. Enable dynamic configuration for your function app by following this doc. You should use a sentinel key for configuration change monitoring. The startup.cs looks something like this:

public override void ConfigureAppConfiguration(IFunctionsConfigurationBuilder builder)
{
    builder.ConfigurationBuilder.AddAzureAppConfiguration(options =>
    {
        options.Connect(Environment.GetEnvironmentVariable("ConnectionString"))
                // Load all keys that start with `FunctionApp:` and have no label
                .Select("FunctionApp:*")
                // Configure to reload configuration if the registered sentinel key is modified
                .ConfigureRefresh(refreshOptions =>
                    refreshOptions.Register("FunctionApp:Sentinel", refreshAll: true));
    });
}

4. The secret value of your key vault references are accessible via IConfiguration automatically in your Run function. For example, _configuration["FunctionApp:Replication:Regions:Asia"].