One way to encrypt the app settings JSON file, is to run
func settings encrypt
from the directory that contains the
appsettings.json
.
We can also add new encrypted settings with
func settings add SOME_NAME some_value
.
Caveat: this has limited utility, because the user that encrypted the data is the only user that can decrypt it. The encryption uses
DataProtectionScope.CurrentUser
. (See the source code for this is in the
SecretManager
class in the
https://github.com/Azure/azure-functions-cli
repository). The nuances of encrypting on one machine and decrypting on another machine
are explained in the "DPAPI and Roaming Profiles section" of this document
.