This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
To get the connection string of a Azure Storage in Azure Function, we are using the Applicationg Settings in the configuration menu. The problem is that we are receiving the following error:
AccessToKeyVaultDenied --> Key Vault reference was not able to be resolved because site was denied access to Key Vault reference's vault.
In theory, everything is ok.
- In KeyVault, the secrets are well created and we have create an Access Policy for the Azure Function with “Get” and “List” privileges in the Secrets Permission.
- Manage Identity is ON in Azure Function.
- In Azure Function, the Application Settings has the correct syntax, and the references are valid. We have executed the “Diagnose and solve problems” tool to check that.
We are using Azure Function Premium plan, but I must say that this way to access the secrets works before with a Consumption plan.
Do you know what can be the problem here?
Thanks!
EDIT
I have create another Azure Function with Concumption Plan and the Application Settings are working with the same configuration as the Premium one. Is it possible that the Premium Functions works in another way? Hay can we access then to the Secrets in KeyVault?
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
An Azure service that provides an event-driven serverless compute platform.
Did you grant your Function App access to Key Vault using Managed Identity?
https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#granting-your-app-access-to-key-vault
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 33%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Problem Resolved.
My scenario was my resources web app and key vault attached with private endpoint on same Vnet.
Solution: virtual link was missed from private DNS zone . SO i have attached the vnet to the dnszone virtual link.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 98%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKE%3C/text%3E%3C/svg%3E)
I too had the similar issue.
The problem is solved: in KeyVault, we haven't added the Azure Function subnet.