
Sharing the same key vault for storing Azure WebJobs secrets for an app and a slot (or two different apps) is not working

Open BalakumaranGunasekaran opened this issue 2 years ago • 3 comments

I was working on a setup with AzureWebJobsSecretStorageKeyVaultUri where the access keys will be stored inside the key vault for both the Prod and stage slot. During this setup I observed that for both the stage and prod slot, the secrets are stored with the same name, as shown below in the screenshot for both master and function keys. So in this case, both stage and prod will be stored using the same name if the cx is using the same key vault in the stage and prod slot. There is no differentiation in the app name while storing the secrets in the key vault.

• Can we append the function app host name to this key, which will allow the cx to store secrets of different apps in the same key vault?

BalakumaranGunasekaran avatar Sep 24 '23 05:09 BalakumaranGunasekaran

Azure Key Vault itself does not natively support appending the function app host name to secret keys stored within it. Azure Key Vault is designed to store secrets and keys securely, and it relies on unique secret names to identify and access those secrets. Create a naming convention: Establish a naming convention for your secrets that includes the function app host name. For example, you could use "FunctionAppName-SecretName" as the format.

bhagyshricompany avatar Sep 25 '23 05:09 bhagyshricompany

Can I know how we can include the host name from the function app?

BalakumaranGunasekaran avatar Sep 29 '23 10:09 BalakumaranGunasekaran

The KV repository does not scope things by host ID like the others. The expectation, today, is that different apps will use different vaults. The documentation here now has a note on this that says:

Important

Secrets aren't scoped to individual function apps through the AzureWebJobsSecretStorageKeyVaultUri setting. If multiple function apps are configured to use the same Key Vault they share the same secrets, potentially leading to key collisions or overwrites. To avoid unintended behavior, we recommend that you use a separate Key Vault instance for each function app.

nzthiago avatar Sep 10 '25 15:09 nzthiago
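Since the host does not scope Key Vault secrets per app, the practical control is to make sure no two function apps or slots point at the same vault. The following script is an added example, not part of the issue or the azure-functions-host project: it takes per-app/slot app settings (assumed to be in the shape `az functionapp config appsettings list` returns, a JSON list of `{"name", "value", "slotSetting"}` objects) and reports any vault URI referenced by more than one app or slot. The app names and vault URIs are constructed sample data.

```python
"""Flag function apps/slots that share one AzureWebJobsSecretStorageKeyVaultUri."""
from collections import defaultdict
from urllib.parse import urlsplit

SETTING = "AzureWebJobsSecretStorageKeyVaultUri"  # setting name from the issue


def normalize_vault_uri(uri):
    """Canonicalise a vault URI so cosmetic differences do not hide a share.

    Hostnames are case-insensitive and a trailing slash is irrelevant, so
    'https://MyVault.vault.azure.net/' and 'https://myvault.vault.azure.net'
    name the same vault (assumption: only scheme and host identify the vault).
    """
    parts = urlsplit(uri.strip())
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def vault_uri(settings):
    """Return the normalised vault URI from one app's settings list, or None."""
    for s in settings:
        if s.get("name") == SETTING and s.get("value"):
            return normalize_vault_uri(s["value"])
    return None


def find_shared_vaults(apps):
    """apps: {"app (slot)": [settings...]} -> {vault: [labels]} for vaults used by >1."""
    by_vault = defaultdict(list)
    for label, settings in apps.items():
        uri = vault_uri(settings)
        if uri:
            by_vault[uri].append(label)
    return {v: sorted(labels) for v, labels in by_vault.items() if len(labels) > 1}


# Constructed sample: a production slot and a staging slot sharing one vault
# (only differing in host case and trailing slash), plus an app with its own vault.
SAMPLE = {
    "myfunc (production)": [
        {"name": SETTING, "value": "https://shared-kv.vault.azure.net/", "slotSetting": False}],
    "myfunc (staging)": [
        {"name": SETTING, "value": "https://SHARED-KV.vault.azure.net", "slotSetting": False}],
    "otherfunc (production)": [
        {"name": SETTING, "value": "https://otherfunc-kv.vault.azure.net/", "slotSetting": False}],
}

if __name__ == "__main__":
    for vault, users in find_shared_vaults(SAMPLE).items():
        print(f"WARNING: {vault} is the secret store for {', '.join(users)}")
```

Run it against the settings of every app and slot you export; any vault listed in the output is one where master and function keys from different apps will overwrite each other.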