Add self created azure function app host key using terraform

Terraform Providers Azure
1

Is it possible to add self created host key to azure function app keys, so as to access restricted azure function using the key I have created.

3 Likes
2

I don’t see it in the old (AzureRM 2.x) or new (AzureRM 3.x) Function app options. This would be a very nice addition to AzureRM.

1 Like
3

Is this now possible? Having looked at the latest azurerm documentation, I cannot seem to see an option for this. This is a really useful function to have if possible,

1 Like
4

Hope to see this feature soon. Would be a great feature to have in terraform. Not sure why this is not considered important by the admins.

5

Not just a nice to have. I’m forced to go back to bicep because of this. AzureRM has too many such functionality holes to be truly useful to me. I like Terraform, but it’s just not up to par with the functionality in either ARM/Bicep or the REST api.

6

If you want to stay in the terraform space, in these instances you might consider the AzAPI provider.
I use this to plug the functionally gaps of the AzureRm provider on things like this when either the provider is missing a specific setting or when the provider is behind the features of the ARM API for a resource as it evolves.
It always seems to be on resources based on app services (functions, logic app standard, web apps, etc.) though :slight_smile:

A recent example:

# Provides support for setting Logic App Standard access restriction properties not 
# supported by AzureRM provider (3.61.0)
resource "azapi_update_resource" "logic_app_standard_dih_access_restriction" {
  resource_id = azurerm_logic_app_standard.logic_app_standard_dih.id
  type        = "Microsoft.Web/sites@2022-09-01"
  body = jsonencode({
    properties = {
      publicNetworkAccess = var.access_restrictions.public_network_access ? "Enabled" : "Disabled"
      siteConfig = {
        ipSecurityRestrictionsDefaultAction    = var.access_restrictions.ip_security_restriction_default
        scmIpSecurityRestrictionsDefaultAction = var.access_restrictions.scm_ip_security_restriction_default
        scmIpSecurityRestrictionsUseMain       = var.access_restrictions.scm_ip_security_restrictions_use_main
      }
    }
  })
}
8

Thanks for the idea ExtelligenceIT. After playing around a lot with the AzApi provider I have gotten the following to work. This terraform code will make a call against the Azure Rest API at the endpoint attached below to create a function-app level host secret which is another way of saying host key

resource “azapi_resource_action” “” {
type = “Microsoft.Web/sites@2024-04-01”
resource_id =
action = “host/default/functionkeys/name-of-your-key”
method = “PUT”
body = {
properties = {
value = “value-of-your-key”
}
}
}