Update 12/11/2020: This is now supported directly in the Azure Terraform Provider see here.
Updated 09/03/2020: This new method in the Azure provider has intermittent issues. I have another workaround here which avoids ARM templates as an alternative.
So you’ve deployed your function and you want to get pass the secure url another component in your deployment so it can use it…
Well currently there isn’t an output item on the azurerm_function_app resource in Terraform (I’m hoping to fix that up if I get some time) so how do you do it?
Here is a my quick and dirty fix using the azure_template_deployment resource in Terraform.
We create an empty release and then use the listkeys function to pull back the keys for the function. We only want the function key so we index into the object with functionKeys.default (you can get the master key too if you want).
Then we output this from the Terraform so it can be used elsewhere. You can now go ahead and pass this into your other component.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get the functions keys out of the app | |
| resource "azurerm_template_deployment" "function_keys" { | |
| name = "javafunckeys${var.random_name_ending}" | |
| parameters = { | |
| "functionApp" = "${azurerm_function_app.function-app.name}" | |
| } | |
| resource_group_name = "${var.resource_group_name}" | |
| deployment_mode = "Incremental" | |
| template_body = <<BODY | |
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "functionApp": {"type": "string", "defaultValue": ""} | |
| }, | |
| "variables": { | |
| "functionAppId": "[resourceId('Microsoft.Web/sites', parameters('functionApp'))]" | |
| }, | |
| "resources": [ | |
| ], | |
| "outputs": { | |
| "functionkey": { | |
| "type": "string", | |
| "value": "[listkeys(concat(variables('functionAppId'), '/host/default'), '2018-11-01').functionKeys.default]" } | |
| } | |
| } | |
| BODY | |
| } | |
| output "func_keys" { | |
| value = "${lookup(azurerm_template_deployment.function_keys.outputs, "functionkey")}" | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // This is the response from the `listkeys` function in ARM so we use `.functionKeys.default` to reach into it and output | |
| // the function key we need. | |
| { | |
| "functionKeys": { | |
| "default": "KEYEHERE…qtocq1safFGhAwZkzPe1VdRflvg==" | |
| }, | |
| "masterKey": "KEYEHERE……Ju1384KHUprI01kH5GIKH2uvrqew==", | |
| "systemKeys": {} | |
| } |
GripDev 
Thanks very much for this, needed to do this exact thing, except with the eventgrid_extension key, today.
For those wanting to get that key, you just need to modify the outputs to something like this:-
“`
“outputs”: {
“eventGridKey”: {
“type”: “string”,
“value”: “[listkeys(concat(variables(‘functionAppId’), ‘/host/default’), ‘2018-11-01’).systemKeys.eventgrid_extension]”
“`
Thanks this is super helpful! Needed this so could call a function via azure api management.
Any update on your work for a proper terraform datasource?
Think someone else picked this up and it’s now in the Azure RM provider here: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/function_app_host_keys