Azure Function App use latest version of Key Vault Secret via Application Settings

Question

I have a Linux Function App running on Consumption Plan that is using a Key Vault Reference in the Application Settings to retrieve and use a secret stored in an Azure Key Vault.

This works fine so far.

However, we have to change that secret every day (i.e. create a new version of that secret in the Key Vault and set an activation date for that secret) and would like to have the Function App automatically retrieve and use the new version as soon as its activated without having to manually change the Kev Vault reference to the new version of the secret.

Is this currently possible and how can this be achieved?

Answer 1

This is now supported.

https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references#rotation

If a version is not specified in the reference, then the app will use the latest version that exists in Key Vault. When newer versions become available, such as with a rotation event, the app will automatically update and begin using the latest version within one day. Any configuration changes made to the app will cause an immediate update to the latest versions of all referenced secrets.