Unable to resolve key vault values in local environment

Thanks @Skin you were absolutely right. After reproducing this locally and digging into the docs, I came to the same conclusion.

Key Vault references using the @Microsoft.KeyVault(...) syntax do not work locally when using Azure Functions and local.settings.json. This syntax only works in Azure, where the App Service platform resolves it using the Function App's Managed Identity.

Repro Fails Locally by using @Microsoft.KeyVault(...) key vault reference.

{
  "IsEncrypted": false,
  "Values": {
    "APIBaseUrl": "@Microsoft.KeyVault(SecretUri=https://TestVault.vault.azure.net/secrets/APIBaseUrl/)"
  }
}

When I run func start locally, the value of APIBaseUrl not resolved. It was treated as a literal string.

enter image description here This only works in Azure app service, Function app where we configure a system-assigned managed identity and granted it to the key vault.

We can fix this by putting the actual secret values directly in local.settings.json while working locally. Since the Key Vault references don’t work outside Azure, hardcoding the secrets is the easiest way to make things run smoothly during development.

Replace the Key Vault reference in local.settings.json with the actual secret value for local testing:

{
  "IsEncrypted": false,
  "Values": {
    "APIBaseUrl": "https://api.example.com/"
  }
}

enter image description here Then, function will output the real secret locally. Note: - Make sure this file is never committed to git, as it may contain sensitive information like secrets and connection strings.

Please refer to the provided Microsoft Doc1, Doc2 for reference.