Open bujhie opened 1 year ago
@bujhie We will discuss this issue with our next level team and update you.
Thanks @ramya894. Very much looking forward to it
@ramya894 Any updates?
@ramya894 It is the same in our case. We are just starting to move the function keys from the default storage account to a keyvault (we share a keyvault across many function apps in the subscription), but this limitation is actually weird since it should be a common way of working.
Do you have any news?
I would be interested in a solution as well.
It is indeed a very unfortunate limitation.
Any updates? The issue has been open for almost 2 years...
Is it not possible to put the app service name in front of the key name? [app service name]--[host or function]--[...]--[...]
Function App name: doesn't matter
Tools used: irrelevant
New V4 app
We are trying to use multiple function apps for some data integration work and are trying to secure their configuration. So we are trying to follow the recommendations from here: https://learn.microsoft.com/en-us/azure/azure-functions/security-concepts?tabs=v4
We have managed to instantiate a function app and integrate with key-vault using a user-managed identity. We can see that the function app successfully creates two secrets _master and default. The problem is the names of these secrets are not unique: 'host--functionKey--default' and 'host--masterKey--master' (see screenshot) which means instantiating the second function app creates a broken function app with no keys or ability to create new ones: the option to create is greyed out but after a long wait I can initiate key creation which fails with "Encountered an error (InternalServerError) from host runtime." error.
The fact that default keys aren't uniquely named will also create an issue when one deletes the function app and creates a new one pointing to the same keyvault.
Also, before you suggest it, we are not able to adopt the model where we allocate a dedicated keyvault instance to a function app.