← Back to overview
April 10, 2016 · Microsoft Azure azure-functions

Azure Functions - Rotate the secret of your HttpTrigger functions

When you create an HttpTrigger function in Azure Functions the URL for this function will look like this:

https://functionsad5bb49d.azurewebsites.net/api/my-http-function?code=1pvufd35aopqmyk569wom6ajoranxlfw24wj3q6lahw5rzk0rudiz21wkgxpmur1r9k92swwb3xr

The code serves as a "secret" and is a static value which is generated when you create the function. Now if for some reason you need to rotate the secret the code for whatever reason there are 2 options to do so.

Manually navigate to the SCM site

The key is stored in a JSON file under the Function secrets:

D:\home\data\Functions\secrets\my-http-function.json

You can use the online editor to modify the JSON file. Replace functionsad5bb49d with the name of your own Functions app.

https://functionsad5bb49d.scm.azurewebsites.net/DebugConsole

Automation

The filesystem is also exposed through the Kudu API, which you an call by authenticating using your deployment credentials:

const request = require('request-promise');

const deploymentCredentialsUsername = 'myUsername';  
const deploymentCredentialsPassword = 'myPassword';

const newCode = 'someOtherCode';  
const functionApp = 'nameOfMyFunctionApp';  
const functionName = 'nameOfMyFunction';  
const functionAppUrl = `https://${functionApp}.scm.azurewebsites.net/api/vfs/data/functions/secrets/${functionName}.json`

request  
  .get({
    resolveWithFullResponse: true,
    url: functionAppUrl,
    auth: {
      username: deploymentCredentialsUsername,
      password: deploymentCredentialsPassword
    }
  })
  .then((res, body) => res.headers.etag)
  .then((etag) => request.put(
    {
      url: functionAppUrl,
      auth: {
        username: deploymentCredentialsUsername,
        password: deploymentCredentialsPassword
      },
      headers: {
        'if-match': etag
      },
      json: {
        key: newCode
      }
    })
  )
  .then(body => {
    console.log(`Code updated. You can now call:\n https://${functionApp}.azurewebsites.net/api/${functionName}?code=${newCode}`);
  })
  .catch(err => console.error(err));

And that's it. After running this your extension will be accessible with the new secret.

  • LinkedIn
  • Tumblr
  • Reddit
  • Google+
  • Pinterest
  • Pocket
Comments powered by Disqus