How can we improve Microsoft Azure Functions?

← Azure Functions

Blob trigger support with Service Principle/Managed identity

We are trying to setup a Blob Triggered Function, but we have a limitation to use only Service principal/managed identity to access the storage because of the security concerns in directly using access keys.

We did not find a way to by-pass blob trigger to using connection string.

Theoretically, since Blob Storage is integrated with Azure Active Directory, it should be possible to provide the right RBAC permissions on my Blob Containers so that the Function's identity (Managed Service Identity)/Service principle has whatever permissions are necessary to create the trigger and read from the blobs.

We are expecting azure functions blob trigger to support authentication with Service Principal/managed Identity

14 votes
Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Microsoft
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Jonathan Jones commented  ·   ·  Flag as inappropriate

    I would also like this feature. We have another team that needs to ingest data (in a different subscription) and to configure the trigger we now:

    - have to expose what are effectively root passwords to individuals
    - struggle to rotate the credentials, as with every rotation the other team would need to update their trigger

    Please add MI support to Blob triggers asap.

    My comment is for a logic app, but I believe it's the same root cause

Azure Functions: Feature

Categories

Feedback and Knowledge Base

(thinking…)
Hosted by UserVoice