When working with Azure, we should always put our secrets into a secure store, such as Key Vault. This ensures that we can limit who can see the values of our secrets, while still being able to work with them. How we work with these secrets is different over the various services, and in this article we will focus on Logic Apps, while other services will be explained in their own posts later on.
In Logic Apps we often will need some sort of secret, for example a subscription key for API Management, or a SAS key for Event Grid. In the scenario for this blog post we are going to send our secret to a RequestBin endpoint, so we can see that we indeed get the correct value.
We use Key Vault extensively in our solutions, to store any secrets we might need. For example in an API through code, in Azure Functions via the application settings, or in a Logic App through a REST call. If you go to your secrets in Key Vault, you will notice that the link to the secret includes a version number, in the format of https://kv-we-retrieve-kv-secret.vault.azure.net/secrets/MySecretValue/80df3e46ffcd4f1cb187f79905e9a1e8.
Of course, this is great if we want to reference a specific version of a secret. However, often we will just want to reference the latest version, so we stay up to date even when the secret has been changed, for example because it is a rotating password.
It turns out, this is very easy, without the need to update the version number in all our applications whenever a new version is created. This is done by just omitting the version number from our link! So the will instead look like https://kv-we-retrieve-kv-secret.vault.azure.net/secrets/MySecretValue/.
Important to notice is the trailing slash ( / ), which needs to be included, otherwise you will just get a 404 error.
Often you will have to get some content from your messages, and use this to set the filename of your outgoing files, in our case we needed to use a sequencenumber. I will show a way to do this using a pipeline component in a streaming matter.
Welcome to my blog. First, let me introduce myself. My name is Eldert Grootenboer, I live in the Netherlands, and I work as a BizTalk developer at a large IT consultancy company.
I have set this blog up to have a single point of reference for solutions for the problems I find in my daily work, and hopefully others will find these posts helpful as well. These solutions can be either things I come up with myself, things I learn from my collegues or things I have found on the internet (and often a combination of these).
If you have any questions, don’t hesitate to contact me.