In a recent blog post, my colleague Kapil Arora demonstrated how you can use HashiCorp Vault from an Azure VM using a system-managed machine identity and Vault Agent. But what if your application, or a component of your application, runs as an Azure App Service (PaaS) or an Azure Function (FaaS)?

In this blog post we will learn how to authenticate to HashiCorp Vault and retrieve secrets from it from within an Azure App Service. This method can also be used from an Azure Function. I also delivered a webinar on this topic and it is available here.

Demo Application

To demonstrate this functionality we’ll be using a simple CRUD front-end application written in Python that connects to a back-end MySQL database. A Vault server will provide the database credentials and perform encryption and decryption of application data. The front-end application will run on Azure App Service, and the Vault server and MySQL database will be hosted on an Azure VM. If you’d like to skip right to the demo, the code repository is located here. …

