Allow Key Vault references to access secrets behind Key Vault Firewall
Key Vault references cannot currently be used to access secrets in a vault that has been configured with Key Vault Firewall / service endpoints.
It should be possible to resolve secrets from Vaults configured this way (provided the web app / function app is configured with the right VNET integration).
This work is something we are planning on.
Antonio Miron commented
Any ETA on this? The requirement to leave a Key Vault exposed to the whole internet to grab the credentials from an Azure Function renders the function unacceptable for any organization with a set of minimum security requirements, i.e., it's not a viable product.