Functions - Setting the Function Key

Updated on 07 Nov 2019
3 Minutes to read
Contributors

Print
Comment
Share
Dark
Light
PDF

Article Summary

Share feedback

Thanks for sharing your feedback!

What

At deployment time how do I set the key on an Azure Function?

Why

When I am doing a release or build I need to be able to set the key on an Azure function so that I can inject the key into my Logic App as a parameter when deploying the Logic App so that the Logic App is able to call the functions.

There are other examples where you may want to use the function key such as inject it into an APIM policy.

We are also likely to want to use different keys for different function users.

How

A different approach is required depending upon if you are using the V1 or V2 runtime for Azure functions.

Functions V2

In the below Powershell script I am setting the values for setting up a key for the function app from a devops pipeline. This is why the local script variables are being taken from the DevOps pipeline variables. If you are using the script outside of DevOps you should be able to just set the variables directly. The script will list the existing keys to help troubleshooting and then delete the key if it already exists and then recreate it.

$subscriptionId = "$(ARM_SUBSCRIPTION_ID)"
$resourceGroup = "$(resourceGroupName)"
$webAppName = "$(functionAppName)"
$functionKey = "$(functionAppKey)"
$keyName = "LogicApp"
$functionKey =  "$(functionAppKey)"

az --version
az rest --help

$resourceId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Web/sites/$webAppName"

Write-Host "Resource Id = " $resourceId


#List Keys
#=========
Write-Host 'Checking updated keys'
$output = az rest --method post --uri "$resourceId/host/default/listKeys?api-version=2018-11-01"

Write-Host $output
$LastExitCode
if (!$?) {
    Write-Error "Error listing keys 1"
    return
}

#Delete Existing key
#===================

Write-Host 'Deleting existing key'
$output = az rest --method delete --uri "$resourceId/host/default/functionkeys/$($keyName)?api-version=2018-11-01"

Write-Host $output
$LastExitCode
if (!$?) {
    Write-Error "Error deleting key"
    return
}


#Add new Key
#===========

$payload = (@{ properties=@{ name=$keyName; value="$functionKey" } } | ConvertTo-Json -Compress).Replace('"', '\"')

Write-Host "Payload = " $payload

Write-Host 'About to put new key in Azure'
$output = az rest --method put --uri "$resourceId/host/default/functionkeys/$($keyName)?api-version=2018-11-01" --body "$payload"

Write-Host $output
$LastExitCode
if (!$?) {
    Write-Error "Error adding key"
    return
}


#List Keys
#=========
Write-Host 'Checking updated keys'
$output = az rest --method post --uri "$resourceId/host/default/listKeys?api-version=2018-11-01"

Write-Host $output
$LastExitCode
if (!$?) {
    Write-Error "Error listing keys 2"
    return
}

I have used this script in the AzureCLI v2 DevOps task.
The below YAML shows the full task.

variables:
  ARM_SUBSCRIPTION_ID: 'TBC'
  resourceGroupName: 'TBC'
  functionAppName: 'TBC'
  functionAppKey: 'TBC'

steps:
- task: AzureCLI@2
  displayName: 'Azure CLI - Set Function Key - Logic App'
  inputs:
    azureSubscription: 'TBC'
    scriptType: ps
    scriptLocation: inlineScript
    inlineScript: |
     $subscriptionId = "$(ARM_SUBSCRIPTION_ID)"
     $resourceGroup = "$(resourceGroupName)"
     $webAppName = "$(functionAppName)"
     $functionKey = "$(functionAppKey)"
     $keyName = "LogicApp"
     $functionKey =  $(functionAppKey)
     
     az --version
     
     az rest --help
     
     $resourceId = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Web/sites/$webAppName"
     
     Write-Host "Resource Id = " $resourceId
     
     
     #List Keys
     #=========
     Write-Host 'Checking updated keys'
     $output = az rest --method post --uri "$resourceId/host/default/listKeys?api-version=2018-11-01"
     
     Write-Host $output
     $LastExitCode
     if (!$?) {
         Write-Error "Error listing keys 1"
         return
     }
     
     #Delete Existing key
     #===================
     
     Write-Host 'Deleting existing key'
     $output = az rest --method delete --uri "$resourceId/host/default/functionkeys/$($keyName)?api-version=2018-11-01"
     
     Write-Host $output
     $LastExitCode
     if (!$?) {
         Write-Error "Error deleting key"
         return
     }
     
     
     #Add new Key
     #===========
     
     $payload = (@{ properties=@{ name=$keyName; value="$functionKey" } } | ConvertTo-Json -Compress).Replace('"', '\"')
     
     Write-Host "Payload = " $payload
     
     Write-Host 'About to put new key in Azure'
     $output = az rest --method put --uri "$resourceId/host/default/functionkeys/$($keyName)?api-version=2018-11-01" --body "$payload"
     
     Write-Host $output
     $LastExitCode
     if (!$?) {
         Write-Error "Error adding key"
         return
     }
     
     
     #List Keys
     #=========
     Write-Host 'Checking updated keys'
     $output = az rest --method post --uri "$resourceId/host/default/listKeys?api-version=2018-11-01"
     
     Write-Host $output
     $LastExitCode
     if (!$?) {
         Write-Error "Error listing keys 2"
         return
     }
     
     
    powerShellErrorActionPreference: continue
    addSpnToEnvironment: true
    powerShellIgnoreLASTEXITCODE: true
  continueOnError: true

Functions V1

If your using Functions V1 runtime then you need to use a slightly different approach. I have blogged about this previously on the below link:

https://www.serverlessnotes.com/docs/synchronising-keys-when-routing-over-multiple-function-apps

Was this article helpful?

What's Next

Terraform State - CI/CD

Table of contents

What
Why
How