This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 83%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Function apps - (vnet enabled) when we allow selected network in keyvault, function app was not able to use secrets in keyvalut but in IAM roles under function app I see key vault secrets user role has been assigned. I am I missing any additional permissions here?
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
An Azure service that provides an event-driven serverless compute platform.
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 69%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Hi,
The access permision is not granted în this way.
You basically need to create an managed/user identity for the function app and then create an access policy în the key vault.
More info at:
https://learn.microsoft.com/en-us/azure/app-service/app-service-key-vault-references#granting-your-app-access-to-key-vault
Hope this helps!