Practice free →
HomeAzure AZ-204cloudcomputingaz204security › An Azure Function needs to read a secret from Ke…

An Azure Function needs to read a secret from Key Vault on every cold start. What's the MOST secure recommended pattern?

AUse a managed identity on the function + a Key Vault access policy granting `Secret Get` to that identity; fetch via the Azure SDK
BEmail the secret to every developer
CDisable IAM on Key Vault entirely
DHard-code the secret in `local.settings.json` and commit it
Answer & Solution
Correct answer: A. Use a managed identity on the function + a Key Vault access policy granting `Secret Get` to that identity; fetch via the Azure SDK
MSI + Key Vault policy is the canonical secret-bootstrap pattern. The other options leak secrets or remove auth.
Solve this in the app — Azure AZ-204 practice & 24k+ MCQs →
Related questions