Inject environment variables from pipeline to Azure functions

Question

Hi,

I have Azure functions which read environment variables stored in Configuration->Application settings. Since these variables include some secret, I plan to move them to somewhere safe. If don't use Azure KeyVault to store the secrets, are we able to inject the secrets from Azure pipeline?

For example, I add the variables in Azure build pipeline->build the artifact->deploy the package from Azure Release pipeline to Azure functions, will the variables be injected as environment variables to be read by Azure functions?

Is there any other method to do this without using KeyVault?

Thank you

Answer 1

Azure Pipelines and Azure Functions won't be running on the same host, so there is no way for the environment variables to be injected between systems. You will have to use Azure KeyVault or something similar to achieve security of your secrets.

Azure KeyVault is an ideal choice when running on Azure and for Azure Functions, you could leverage Azure Key Vault References which allow seamless integration without changing your code. The secrets are stored in KeyVault but are fetched by the hosting environment securely using Managed Identity. Your code would try to fetch values from the environment as usual.