Can't read value from Azure Key Vault

Question

I've implmented Azure Key Vault in my Azure Functions app following this article: https://medium.com/statuscode/getting-key-vault-secrets-in-azure-functions-37620fd20a0b

As described in the article, I'm using Managed Service Identity (MSI) but looks like I'm unable to read values from Key Vault. The following is the line that is supposed to read the value.

var myValue = (await kvClient.GetSecretAsync(Environment.GetEnvironmentVariable("documentDbkey"))).Value;

This is what my entries look like on Azure KeyVault:

Am I supposed to use the key for my entry i.e. documentDb or the version Id which is the one that starts with bf2550f4e?

Here's error:

Exception while executing function: IngridNotificationsFunction Microsoft.Azure.WebJobs.Host.FunctionInvocationException : Exception while executing function: IngridNotificationsFunction ---> System.ArgumentNullException : Value cannot be null. Parameter name: secretIdentifier at async Microsoft.Azure.KeyVault.KeyVaultClientExtensions.GetSecretAsync(??)
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at async Ingrid.Notifications.IngridNotifications.Initialize() at C:\Users\Sam\Documents\Visual Studio 2017\Projects\Ingrid.Notifications\Ingrid.Notifications\IngridNotifications.cs : 83 at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Ingrid.Notifications.IngridNotifications.Run(String myQueueItem) at C:\Users\Sam\Documents\Visual Studio 2017\Projects\Ingrid.Notifications\Ingrid.Notifications\IngridNotifications.cs : 38 at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Microsoft.Azure.WebJobs.Host.Executors.VoidTaskMethodInvoker2.InvokeAsync[TReflected,TReturnType](TReflected instance,Object[] arguments) at C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Executors\VoidTaskMethodInvoker.cs : 20 at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Microsoft.Azure.WebJobs.Host.Executors.FunctionInvoker2.InvokeAsync[TReflected,TReturnValue](Object instance,Object[] arguments) at C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Host\Executors\FunctionInvoker.cs : 63 at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at async Microsoft.Azure.WebJobs.Host.Executors.FunctionExecutor.InvokeAsync(IFunctionInvoker invoker,ParameterHelper parameterHelper,CancellationTokenSource timeoutTokenSource,CancellationTokenSource functionCancellationTokenSource,Boolean throwOnTimeout,TimeSpan timerInterval,IFunctionInstance instance) at C:\projects\azure-webjobs-sdk-rqm4t\src\Microsoft.Azure.WebJobs.Hos…

What could be the reason why I'm unable to read values from my Azure KeyVault?

Answer 1

System.ArgumentNullException : Value cannot be null

---

According to the exception, it indicates that Environment.GetEnvironmentVariable("documentDbkey") is null.

What could be the reason why I'm unable to read values from my Azure KeyVault?

If we want to use Environment.GetEnvironmentVariable("documentDbkey") we need to config the azure function app setting to add the key documentDbkey with value https://{yourkeyvalue}.vault.azure.net/Secrets/{yourSecretName} in your case.

Update:

You could use the following code directly to get the secret.

kvClient.GetSecretAsync("https://{yourkeyvalue}.vault.azure.net/Secrets/{yourSecretName}")​.Value

In the article also mentioned that he use the application setting for storing the key vault secret id.

You’ll notice I am using an environment variable (application setting) in this case for the key vault secret ID, but that itself is not a secret — just a location of where the secret is stored