Logic app - connecting with Azure keyvault
Connecting a Logic App to Azure Key Vault allows you to securely store and manage sensitive information such as API keys, connection strings, and certificates. Logic Apps support integration with Azure Key Vault using Managed Service Identity (MSI). Here's how you can connect a Logic App to Azure Key Vault:
Prerequisites:
1. Azure Key Vault:
- Ensure you have an Azure Key Vault created where your secrets are stored.
2. Access Policy:
- Make sure the Managed Identity of your Logic App has the necessary permissions (`Get` and `List` for secrets) on the Azure Key Vault. You can set this up in the Key Vault's Access Policies section.
Steps to Connect Logic App to Azure Key Vault:
1. Enable Managed Identity for Logic App:
- In the Azure portal, go to your Logic App's settings.
- Under "Identity," switch the "System assigned" toggle to "On." This enables Managed Service Identity (MSI) for your Logic App.
2. Grant Access to Key Vault:
- In the Azure Key Vault's settings, under "Access policies," add a new access policy.
- Choose the principal corresponding to your Logic App (it should be visible after enabling MSI).
- Assign the necessary permissions (e.g., `Get` and `List`) for secrets.
3. Use Key Vault Secrets in Logic App:
- Inside your Logic App, add an action where you need to use a secret (e.g., HTTP action, database connection, etc.).
- In the action, when you need to provide a sensitive value, click on the "Add a parameter" button (`+`) and select "Managed Identity" from the dynamic content.
- From there, you can select the appropriate secret from your Key Vault. The Logic App will be able to access this secret securely.
For example, if you're configuring an HTTP action with a header that requires a secret API key, you can set the header value by selecting the secret from Key Vault like this:
- Header Key: `Authorization`
- Header Value: `Bearer @{listSecrets('YOUR-KEY-VAULT-NAME', 'YOUR-SECRET-NAME').value}`
In this example, `listSecrets('YOUR-KEY-VAULT-NAME', 'YOUR-SECRET-NAME')` is a function available in Logic Apps that retrieves the specified secret from your Key Vault.
By following these steps, your Logic App can securely access secrets stored in Azure Key Vault without exposing sensitive information in the Logic App configuration.