This provides a custom Key Vault API Connector for Logic Apps.
Currently Microsoft Logic App doesn't provide a Logic App connector for Azure Key Vault. Although there is a workaround to get access to Key Vault directly from the Logic App, it would be easier to use an API connection like any other connectors.
Therefore, this repository offers a custom API using Azure Functions to access to Key Vault.
- 한국어: TBD
- English: TBD
This consists of several components using Azure products/services:
- Azure Storage Account
- Azure Application Insights
- Azure Consumption Plan
- Azure Functions
- Azure Logic Apps Custom Connector
- Azure API Connection - Custom Connector
- Azure Logic App
- Azure Key Vault
NOTE: The Logic App instance is for testing purpose.
Click the button below to deploy the ARM template through Azure Portal:
Alternatively, deploy it through Azure PowerShell.
-
Login to Azure Resource Manager through PowerShell.
Login-AzureRmAccount -
Create a resource group.
New-AzureRmResourceGroup ` -Name "[RESOURCE_GROUP_NAME]" ` -Location "[LOCATION]"
-
Update
azuredeploy.parameters.json. -
Deploy the ARM template.
New-AzureRmResourceGroupDeployment ` -Name KeyVaultConnector ` -ResourceGroupName "[RESOURCE_GROUP_NAME]" ` -TemplateFile "azuredeploy.json" ` -TemplateParameterFile "azuredeploy.parameters.json" ` -Verbose
You can also use Azure CLI for ARM template deployment.
-
Login to Azure Resource Manager through Azure CLI.
az login
-
Create a resource group.
az group create \ --name [RESOURCE_GROUP_NAME] \ --location [LOCATION] -
Update
azuredeploy.parameters.json. -
Deploy the ARM template.
az group deployment create \ --name KeyVaultConnector \ --resource-group [RESOURCE_GROUP_NAME] \ --template-file azuredeploy.json \ --parameters @azuredeploy.parameters.json \ --verbose
NOTE: This is using nested ARM template deployment. If you are not sure how it works, deploy each ARM template individually in the following order:
src/KeyVaultConnector.Resources/StorageAccount.jsonsrc/KeyVaultConnector.Resources/ApplicationInsights.jsonsrc/KeyVaultConnector.Resources/ConsumptionPlan.jsonsrc/KeyVaultConnector.Resources/FunctionApp.jsonsrc/KeyVaultConnector.Resources/CustomApi-KeyVault.jsonsrc/KeyVaultConnector.Resources/ApiConnection-KeyVault.jsonsrc/KeyVaultConnector.Resources/LogicApp.jsonsrc/KeyVaultConnector.Resources/KeyVault.json
Once all Azure resources are deployed, deploy the Azure Functions application through Visual Studio, Visual Studio Code, Azure CLI or CI/CD pipeline.
If there is no secrets on Azure Key Vault, create some. It may require to add your credentials to Key Vault access policies.
Get the host key for Azure Functions from the settings and authorise the API connection.
Use the Logic App instance deployed, simply run it with the payload below:
{
"secretName": "[SECRET_NAME]"
}Your contributions are always welcome! All your work should be done in your forked repository. Once you finish your work with corresponding tests, please send us a pull request onto our dev branch for review.
Key Vault Connector for Logic Apps is released under MIT License
The MIT License (MIT)
Copyright (c) 2018 aliencube.org
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.