Static cloud-based resource provisioning is bad. Tools such as Terraform need a dynamic scripting language. So many resources are created with some kind of FQDN, there are not a lot of choices to choose from, and conflicts often occur.
We need a better cloud provisioning tool that resolves conflicts better or provides a scripting interface.
You can easily configure an Azure function to pull a secret value from Key Vault. First you need to set up the following:
1. In your Azure function app -> Platform feature -> Identity, go ahead and turn on the identity. This is what is called the Managed Identity setup, and you will get an App Id (GUID). Save it and then set up your vault as below:
2. In your Key Vault, Access policy -> Add New -> Select Principal -> Add the name of your Azure function app Id
3. Restart your Azure function app.
4. In your settings file, you can have a configuration entry, say CONN_WEB_APP, with the following value,
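An added example, not from the original post: a check that settings such as CONN_WEB_APP hold a Key Vault reference rather than a plaintext secret. It assumes the entry uses the App Service reference form `@Microsoft.KeyVault(...)`; the function names, vault name, secret names and sample values are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# App Service / Functions resolve these references at startup using the app's
# managed identity, so they only work once the vault access policy is in place.
_REF = re.compile(r"^@Microsoft\.KeyVault\((?P<body>.+)\)$")
SECRET_HINT = re.compile(r"(password|pwd|accountkey|sharedaccesskey)\s*=", re.I)

def parse_keyvault_reference(value):
    """Return (vault_host, secret_name, version_or_None), or None if not a reference."""
    m = _REF.match(value.strip())
    if not m:
        return None
    body = m.group("body")
    if body.startswith("SecretUri="):
        url = urlparse(body[len("SecretUri="):])
        parts = [p for p in url.path.split("/") if p]
        if url.scheme != "https" or len(parts) < 2 or parts[0] != "secrets":
            raise ValueError("malformed SecretUri: " + value)
        return url.hostname, parts[1], parts[2] if len(parts) > 2 else None
    fields = dict(kv.split("=", 1) for kv in body.split(";") if "=" in kv)
    if "VaultName" not in fields or "SecretName" not in fields:
        raise ValueError("malformed reference: " + value)
    return (fields["VaultName"] + ".vault.azure.net", fields["SecretName"],
            fields.get("SecretVersion") or None)

def audit_settings(settings):
    """Classify each app setting so plaintext secrets and broken references stand out."""
    findings = {}
    for name, value in settings.items():
        try:
            ref = parse_keyvault_reference(value)
        except ValueError:
            findings[name] = "malformed-reference"
            continue
        if ref:
            findings[name] = "reference-pinned" if ref[2] else "reference-latest"
        else:
            findings[name] = "plaintext-secret" if SECRET_HINT.search(value) else "plain"
    return findings

# Constructed sample settings (hypothetical vault and secret names).
SAMPLE = {
    "CONN_WEB_APP": "@Microsoft.KeyVault(SecretUri=https://example-vault.vault.azure.net/secrets/conn-web-app/)",
    "CONN_REPORTS": "@Microsoft.KeyVault(VaultName=example-vault;SecretName=conn-reports)",
    "CONN_LEGACY": "Server=db.example.invalid;User Id=app;Password=constructed-value;",
    "CONN_BROKEN": "@Microsoft.KeyVault(SecretUri=http://example-vault.vault.azure.net/secrets/x)",
}
if __name__ == "__main__":
    print(audit_settings(SAMPLE))
```
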
BIKE, Classic McEliece, CRYSTALS-KYBER, FrodoKEM, HQC, LAC, LEDAcrypt (merger of LEDAkem/LEDApkc), NewHope, NTRU (merger of NTRUEncrypt/NTRU-HRSS-KEM), NTRU Prime, NTS-KEM, ROLLO (merger of LAKE/LOCKER/Ouroboros-R), Round5 (merger of Hila5/Round2), RQC, SABER, SIKE, Three Bears
The 9 Second Round Candidates for digital signatures are: CRYSTALS-DILITHIUM, FALCON, GeMSS, LUOV, MQDSS, Picnic, qTESLA, Rainbow, SPHINCS+