Configure Azure Function app settings using VSTS without viewing the Azure Portal
We use VSTS to build various Azure Web Apps and deploy them in different environments. During the release process, we perform transformations in Web.config files using variables stored in VSTS for things like environment connection strings.
We wanted to do a similar thing with Azure Functions, but we had problems. We found that doing the transformations to the appsettings.json file did not work. New new key / value pairs do not work in Azure, and changes to existing ones are not uploaded to Azure.
I have looked through countless documents and only found documentation that app settings for Azure Functions should be stored using the Azure Portal or installed using a PowerShell script during the release process. However, these solutions then expose connection strings and other secrets to anyone with access to the Azure Portal, which is not what we want.
How can I expose application parameters for Azure Functions, such as AzureWebJobsStorage and AzureWebJobsDashboard values, without exposing them to the Azure Portal?
source to share
However, these solutions expose connection strings and other secrets to anyone with access to the Azure Portal, which is not what we want.
This is a wrong assumption. Only users who are members or administrators in this app can see the app's settings. And the same users can see all the expanded files, so if you have secrets in the expanded files, they are equally visible.
The advantage of using App Setting over your secrets in files:
- Application settings secrets and encrypted in rest mode
- You are less likely to accidentally console a secret by downloading expanded files without realizing they have secrets.
source to share