Image for post
Image for post
Please click for an animated flow diagram of the demo

In a recent blog post, my colleague Kapil Arora demonstrated how you can use HashiCorp Vault from an Azure VM using system managed machine identity and Vault Agent. But what if your application, or a component of your application, runs as an Azure App Service (PaaS) or an Azure Function (FaaS)?

In this blog post we will learn how you can authenticate and retrieve secrets from HashiCorp Vault from within an Azure App Service. This method can also be used from an Azure Function. I also delivered a webinar on this topic and it is available here.

Demo Application

To demonstrate this functionality we’ll be using a simple CRUD front end application written in Python that connects to a back end MySQL database. There will also be a Vault server providing database credentials and performing encryption and decryption of application data. The front end application will be run on Azure App Service, and the Vault server and MySQL database will be hosted on an Azure VM. If you’d like to skip right to the demo, the code repository is located here. …

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store