Add binding to Key Vault
Functions often need password, API keys, and connection strings to connect to other services and retrieve data. It would be great if those secrets could easily be obtained from Key Vault.

Hi all,
Thank you all for the comments and feedback. We’re very pleased to announce that support for Key Vault references is now generally available! You can find the update here: https://azure.microsoft.com/updates/general-availability-of-key-vault-references-in-app-service-and-azure-functions/
The work certainly doesn’t stop here. We are looking to add support for additional networking configurations, and work is underway for rotation handling (making the version string optional). Please consider putting votes towards these features as well! They are captured below.
Rotation: https://feedback.azure.com/forums/169385/suggestions/36532414
Firewall/ServiceEndpoints: https://feedback.azure.com/forums/355860/suggestions/38817385
Again, thanks for all of the input on this item. It really does make a difference.
- Matthew
52 comments
-
Dimka M commented
This is really needed. More importantly a caching mechanism is required so that keyvault does not get overwhelmed with requests when function infinitely scales. (see discussion here: https://github.com/Azure/azure-webjobs-sdk/issues/746)
-
Nathan Anderson commented
ping for update.
-
Anonymous commented
Has this been implemented by any chance. All clients want to maintain their security information in Key Vault
-
Ahmet Arsan commented
Can't use Functions without this. This is an absolute must. ETA?
-
Adam Modlin commented
Any updates here? My customer requires all connection strings be stored in KeyVault and this is a problem for using functions.
-
Parry Kitchner commented
Add this binding and Azure Function usage will hit an all new high! It would be great not to have to re-store the secrets in the App Config.
-
Gary Mitchell commented
Any idea when this might become available? I really need it. The cert approach didn't get approved by IT Security.
-
Henrik commented
A necessary feature, and overall great idea. Examples of securables are tokens (like Github, Slack) and certificates.
-
Joshua Toon commented
This would be great.
-
Gerald Wiltse commented
Food for thought, this recent development in .NET Core might reduce the amount of custom code you need for this.
-
Gerald Wiltse commented
I believe I read somewhere that this had basically been accepted and if so, this is just a ping to update status here.
-
San G commented
There is no feature in azure functions to azure key vault integration for Trigger and Outputs connection strings.
Please suggest any alternative solutions for this feature.