[Question] Functions 'Host Keys' & ARM templates #516

Closed
TheeJamesLee opened this issue Sep 29, 2017 · 29 comments

@TheeJamesLee

TheeJamesLee commented Sep 29, 2017

Hi,

We utilize the Host Keys to protect functions. I know on the portal it is possible to add a custom host key, meaning that if they were behind a traffic manager, the codes could be the same - for example.

Is there any way that we can do any of the following (in order of preference..):

    1. Set host keys with an ARM template?
    2. Set host keys with an API call?
    3. (but last resort..) Retrieve host keys (either on ARM or an API call? - not important if we can set them though).

Thanks,

@markybry

I am facing the exact same issue. What options are available?

@Mandur

Mandur commented Oct 19, 2017

If using a function key rather than a host key is an option, you can easily retrieve them programmatically within your ARM template with the listsecrets method. More info here

@markybry

The issue is that I need to set a key on both function applications that is shared (the same value) because there are multiple instances of the function app behind a load balancer.

@TheeJamesLee
Author

Same. I've tweaked the question so the options are a little clearer in a preferred order to solve this issue.

@Mandur thanks for that - unfortunately if it requires the function name it wouldn't work for us, hence the host keys.... but it's a nice solution. If I have some time I'll dig around from that point on the ARM templates to see if I can get the host keys out via arm.

Reading the host keys though is a last resort and is only possible for us because of the specific way our platform is set up... hence setting the keys is still going to be needed in some way...

@chrisnelson

I'm running into a similar issue. I am deploying my Azure Functions using ARM Templates (the shell) and then the actual Function code using MSDeploy. Unfortunately, there is a chicken & egg situation. When deploying the ARM templates, no functions exist, so I can't set or obtain any function level keys. This is where a host key could come into play. Similar to the original poster, it would be nice to be able to add additional keys since they are always auto generated when creating the function shell or function itself. We have multiple systems that call these Functions, and I've set up Function Keys for each one, and then shared to these systems. If I need to recreate the environments, I can automate the deploy of shell & code, but need to manually go into the Portal to set the keys back to what they were.

Another option would be when deploying the Azure Function code itself using MSDeploy, being able to specify additional Function level keys in the function.json or something that is deployed and read by the runtime.

Last resort would be setting up some post-deploy PowerShell and manually creating the known/shared keys via the REST API.

@paraspatidar

Please visit this blog:
http://bloggingoncloud.com/get-azure-function-app-master-key-host-key-by-api-end-point-programmatically/

The information mentioned might be useful to get the keys over API calls and ARM client / PowerShell.

@antmeehan

Are there any plans to provide access via ARM to the host-level keys?

I'm about to add a custom PowerShell step to my deploy process, but it would be nice to avoid :)

@jordanchang

I would like to request this feature be added to Azure CLI. Thanks! I can't automate my environment (load balanced function apps with Traffic Manager) at the moment.

@pvmraghunandan

Any option via ARM template? Also, how to create a function key? Since code is deployed via web deploy, should we write custom PowerShell to create the function key?

@CANUSA

CANUSA commented Apr 27, 2018

Is the ability to provision function app host keys (and individual function keys if possible, given function names in advance) via ARM on the roadmap? @jeffhollan

@jeffhollan
Contributor

Just pulling apart thread (and adding @fabiocav as we were discussing keys + ARM the other day). Is the ask you want to SET a host key as part of an ARM template? I can't say it's something that is being tracked / high on backlog but if so let me know and we can track the ask. Understand the desire here to have consistent host keys across apps as well.

@CANUSA

CANUSA commented May 10, 2018

Yep, exactly, function keys as well, although I am not sure that is doable at ARM time, since function names aren't even known yet. Our app has multiple instances of identical function apps scattered across Azure regions, think webhook subscriber. If webhook provider sends webhook from different geo closer to a different region, it needs to be the same host key. This is "our" scenario, we only want 1 webhook url for subscriptions, in our case routed through Traffic Manager.

@antmeehan

Hi @jeffhollan. My desire is just to be able to access the host key as part of the ARM template via a listsecrets call. Thanks!

@wsc9108

wsc9108 commented May 22, 2018

Hi guys, just would like to ask if it's available now to get host keys for a function app in ARM? I did some research and found in ARM, it only supports to get function key, not host key yet.
Is it still so, or we have any plan to get it available in some future release?

@brushwood24

Listing the host key with listsecrets in an ARM template is a pretty important feature that is missing. I can retrieve the function keys individually but this is not ideal for a number of reasons. First, the ARM template needs to be updated every time a function is added. More importantly, the listsecrets will fail until we deploy our functions, so the ARM template will fail the first time we run it.

@vovikdrg

It's almost a year...
I am curious how you deploy API Management policies when Azure Functions require host keys?

@nzav

nzav commented Aug 30, 2018

Being able to get host keys is very important to us as well.

@jeffhollan
Contributor

Clarifying and also updating:

  1. You can get a function key in ARM templates today when targeting the v1 runtime. This is possible through the listSecrets expression for the function
  2. We do have gaps for getting secrets with ARM alone in the v2 runtime (and in the v1 runtime).
  3. We are aware of the gaps and have work planned for this calendar year to surface a much better key management surface that should be ARM compatible. I can't comment specifically on the date but this is one of the highest items on our backlog right now to tackle after v2 GA
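
As an added illustration (not part of the comment above and not the project's own code): an ARM template that reads a function key with the `listsecrets` expression from item 1 and writes it straight into a Key Vault secret, so the key never appears in deployment outputs. The parameter names, the secret naming and both API versions are assumptions, and the function must already be deployed, since, as noted elsewhere in this thread, `listsecrets` fails until it exists.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "functionAppName": {
      "type": "string",
      "metadata": { "description": "Assumed name: existing v1 function app." }
    },
    "functionName": {
      "type": "string",
      "metadata": { "description": "Assumed name: a function already deployed to the app; must also be valid inside a Key Vault secret name." }
    },
    "keyVaultName": {
      "type": "string",
      "metadata": { "description": "Assumed name: existing vault the deploying identity may write secrets to." }
    }
  },
  "variables": {
    "functionId": "[resourceId('Microsoft.Web/sites/functions', parameters('functionAppName'), parameters('functionName'))]"
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults/secrets",
      "apiVersion": "2016-10-01",
      "name": "[concat(parameters('keyVaultName'), '/', parameters('functionName'), '-key')]",
      "properties": {
        "contentType": "Azure Functions function key",
        "value": "[listsecrets(variables('functionId'), '2015-08-01').key]"
      }
    }
  ],
  "outputs": {}
}
```

The `outputs` section is left empty on purpose: a key emitted as a plain `string` output is readable by anyone who can view the resource group's deployment history.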

@jeffhollan
Contributor

Definitely tracking the following scenarios:

  1. Ability to get a function key so you can have a function URL as an output of an ARM deploy
  2. Ability to get an Event Grid or other webhook key so you can use it in an ARM template

Not sure I understand the scenario where you want the HOST key, but let me know so I can make sure we are tracking.

@brushwood24

I eventually found the syntax for retrieving the host key in an ARM template from someone's blog. There seem to be plenty of other people that have trouble finding it. Some better documentation that is straightforward to find would help a lot.

@vovikdrg

vovikdrg commented Aug 30, 2018

@jeffhollan .
Our case is that we deploy ARM template via VSTS in first step, second step is uploading API management policies where we need host key for Auth in Azure function.

Azure function specific parameters

  "AzureWebJobsSecretStorageType": "Blob", <------ this also seems to be an issue. But we don't want to change the key each time we redeploy
  "FUNCTIONS_EXTENSION_VERSION": "~2",

@vovikdrg

@brushwood24 Could you please add link to this thread?

@DibranMulder

> I eventually found the syntax for retrieving the host key in an ARM template from someone's blog. There seem to be plenty of other people that have trouble finding it. Some better documentation that is straightforward to find would help a lot.

@brushwood24 Could you share it with us?

@dennis-yemelyanov

dennis-yemelyanov commented Jan 4, 2019

Any updates on this? As several people mentioned in this thread already, not being able to retrieve the host key from ARM template blocks the scenario where a new function app is created in the template and another resource in the same template needs to reference this function's webhook url. Using the function trigger_url secret doesn't work, since the function is not deployed yet and will only be deployed after the ARM template deployment is done

@Escoto

Escoto commented Jan 9, 2019

> Just pulling apart thread (and adding @fabiocav as we were discussing keys + ARM the other day). Is the ask you want to SET a host key as part of an ARM template? I can't say it's something that is being tracked / high on backlog but if so let me know and we can track the ask. Understand the desire here to have consistent host keys across apps as well.

In my case, my client built their own API gateway. In their implementation, when somebody tries to query my functions, the call goes to their API gateway and it is wired to 'My FA Host'+'whatever function requested by client'. They don't care about specific endpoints, basically because each feature has its own host and 1 to many functions.

We have many features and MANY environments. My problem is that for each feature I have to manually go and either create a new pull request to the API gateway with the new API key/s, or go to the FA and add a new key (this is what I've been doing lately). That is why I would like to be able to set up the host key from the ARM. This way I would create the PR to my client's API gateway just once (when starting a new feature), having defined my new keys even before deploying any environments, and not worry about this later.

@jeffhollan So, for me it is not about consistency; for me this would eliminate at least 1 item from my To-Do list for setting up a new environment.

@fabiocav
Member

As Jeff mentioned, we're working on a new set of ARM APIs to enhance the story here, and while this is further out, we do have a new feature landing soon (within the next couple of sprints) that will improve the experience by adding support for Key Vault as the backing store for API keys. When that feature becomes available, we'll publish documentation/guidance on how to manage keys over ARM in a variety of scenarios, including deployment.

@fabiocav
Member

Adding @mattchenderson for awareness.

@mathewc
Member

mathewc commented Feb 7, 2019

Tracking issue Azure/azure-functions-host#3994

@ColbyTresness

Closing in favor of tracking in the host issue.
