Coding

Terraform: Get Azure Function key

Update 12/11/2020: This is now supported directly in the Azure Terraform Provider see here.

Updated 09/03/2020: This new method in the Azure provider has intermittent issues. I have another workaround here which avoids ARM templates as an alternative.

So you’ve deployed your function and you want to get pass the secure url another component in your deployment so it can use it…

Well currently there isn’t an output item on the azurerm_function_app resource in Terraform (I’m hoping to fix that up if I get some time) so how do you do it?

Here is a my quick and dirty fix using the azure_template_deployment resource in Terraform.

We create an empty release and then use the listkeys function to pull back the keys for the function. We only want the function key so we index into the object with functionKeys.default (you can get the master key too if you want).

Then we output this from the Terraform so it can be used elsewhere. You can now go ahead and pass this into your other component.

# Get the functions keys out of the app
resource "azurerm_template_deployment" "function_keys" {
name = "javafunckeys${var.random_name_ending}"
parameters = {
"functionApp" = "${azurerm_function_app.function-app.name}"
}
resource_group_name = "${var.resource_group_name}"
deployment_mode = "Incremental"
template_body = <<BODY
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#&quot;,
"contentVersion": "1.0.0.0",
"parameters": {
"functionApp": {"type": "string", "defaultValue": ""}
},
"variables": {
"functionAppId": "[resourceId('Microsoft.Web/sites', parameters('functionApp'))]"
},
"resources": [
],
"outputs": {
"functionkey": {
"type": "string",
"value": "[listkeys(concat(variables('functionAppId'), '/host/default'), '2018-11-01').functionKeys.default]" }
}
}
BODY
}
output "func_keys" {
value = "${lookup(azurerm_template_deployment.function_keys.outputs, "functionkey")}"
}

view raw
keys.tf
hosted with ❤ by GitHub

// This is the response from the `listkeys` function in ARM so we use `.functionKeys.default` to reach into it and output
// the function key we need.
{
"functionKeys": {
"default": "KEYEHERE…qtocq1safFGhAwZkzPe1VdRflvg=="
},
"masterKey": "KEYEHERE……Ju1384KHUprI01kH5GIKH2uvrqew==",
"systemKeys": {}
}

view raw
response.json
hosted with ❤ by GitHub

Standard

3 thoughts on “Terraform: Get Azure Function key

  1. Thanks very much for this, needed to do this exact thing, except with the eventgrid_extension key, today.

    For those wanting to get that key, you just need to modify the outputs to something like this:-

    “`
    “outputs”: {
    “eventGridKey”: {
    “type”: “string”,
    “value”: “[listkeys(concat(variables(‘functionAppId’), ‘/host/default’), ‘2018-11-01’).systemKeys.eventgrid_extension]”
    “`

  2. Conor says:

    Thanks this is super helpful! Needed this so could call a function via azure api management.

    Any update on your work for a proper terraform datasource?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s