Share via

Need to use service principal in datalake connection string instead of storage key

Rahul Balayya (LTIMINDTREE LIMITED) 60 Reputation points Microsoft Vendor
2024-09-14T07:13:44.0966667+00:00

Hello Team,

I hope you are doing well.

Currently in function app customer using connection string which is consist of storage key but now he wants to use service principal in connection string please let me know how to format connection string: current connection string is like that:

DefaultEndpointsProtocol=https;AccountName=?????????????????=??????????????????????????????/????????????????????/??????????/???????+1+???????????==

Customer later stated he need to connect from AZURE FUNCTION APP only.

So just want to know how to define azure storage queue connection in function.json file with Service principal.

Please any help will be much appreciated. Many thanks

Azure Data Lake Storage
Azure Data Lake Storage
An Azure service that provides an enterprise-wide hyper-scale repository for big data analytic workloads and is integrated with Azure Blob Storage.
1,466 questions
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,114 questions
Azure Databricks
Azure Databricks
An Apache Spark-based analytics platform optimized for Azure.
2,164 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,679 questions
0 comments
Accepted answer
  1. Vinodh247 18,906 Reputation points
    2024-09-15T10:48:01.12+00:00

    Better you need to avoid the conn string format that uses the storage key and instead leverage Azure Active Directory (Azure AD) auth.

    Here is how you can configure it:

    1. Create a Service Principal: If you haven't already, register an application in Azure Active Directory and assign the necessary role (such as "Storage Blob Data Contributor") to the service principal on the target Azure Storage account.
    2. Add necessary information to the configuration: In your Function App's local.settings.json or in the Azure portal under "Configuration" for the Function App, define the following environment variables:
      • AZURE_CLIENT_ID: The client ID of the service principal.
      • AZURE_CLIENT_SECRET: The client secret for the service principal.
      • AZURE_TENANT_ID: The tenant ID of your Azure AD.
      • STORAGE_ACCOUNT_NAME: Your Azure Storage account name.
    3. Use Azure SDK with DefaultAzureCredential: When connecting to the storage account, use the Azure SDKs that support Azure AD authentication, such as the @azure/storage-blob package in Node.js or Azure.Storage.Blobs in C#.
    4. Azure Function's function.json: If you need to configure this in your function.json, you typically won’t pass the connection string directly like in the storage key approach. Instead, use environment variables and pass the account name and the authentication details programmatically in your function code. This method removes the need to store sensitive keys in your configuration and uses the more secure AAD authentication via the service principal
    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.