public static void Run([TimerTrigger("0 */30 * * * *")] TimerInfo myTimer, TraceWriter log) { AzureServiceTokenProvider azureServiceTokenProvider = new AzureServiceTokenProvider(); KeyVaultClient kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback)); //signedPermissions: Allowed values: (a)dd(c)reate(d)elete(l)ist(p)rocess(r)ead(u)pdate(w)rite //signedServices: Allowed values: (b)lob(f)ile(q)ueue(t)able //signedResourceTypes: Allowed values: (s)ervice(c)ontainer(o)bject string _sasName = "blobrwu4hours"; Dictionary <string, string> _sasProperties = new Dictionary <string, string>() { { "sasType", "account" }, { "signedProtocols", "https" }, { "signedServices", "b" }, { "signedResourceTypes", "sco" }, { "signedPermissions", "rwu" }, { "signedVersion", "2017-11-09" }, { "validityPeriod", "PT4H" } }; SasDefinitionAttributes _sasDefinitionAttributes = new SasDefinitionAttributes(enabled: true); try { //Sas definition create/update should be in a different function var setSas = Task.Run( () => kv.SetSasDefinitionAsync(_vaultBaseUrl, _storageAccountName, _sasName, _sasProperties, _sasDefinitionAttributes)) .ConfigureAwait(false).GetAwaiter().GetResult(); log.Info("Sas definition created!"); secret = Task.Run( () => kv.GetSecretAsync(_vaultBaseUrl, $"{_storageAccountName}-{_sasName}")) .ConfigureAwait(false).GetAwaiter().GetResult(); base64sas = Convert.ToBase64String(Encoding.UTF8.GetBytes(secret.Value)); log.Info($"Here there is the base 64 encoded secret: {secret.Value}"); sshPrivateKey = Task.Run( () => kv.GetSecretAsync(_vaultBaseUrl, $"privatekey")) .ConfigureAwait(false).GetAwaiter().GetResult(); log.Info($"Retrieved {sshPrivateKey.Id}"); } catch (Exception ex) { log.Info($"Something went wrong with KeyVault: {ex.Message}"); } try { //By choice we do not have passphrase for the key stored in Key Vault PrivateKeyFile privKey = new PrivateKeyFile(new MemoryStream(Encoding.UTF8.GetBytes(sshPrivateKey.Value))); using (var client = new SshClient(host, 22, sshUsername, privKey)) { byte[] expectedFingerPrint = StringToByteArray(sshPubKeyFingerprint); client.HostKeyReceived += (sender, e) => { if (expectedFingerPrint.Length == e.FingerPrint.Length) { for (var i = 0; i < expectedFingerPrint.Length; i++) { if (expectedFingerPrint[i] != e.FingerPrint[i]) { e.CanTrust = false; break; } } } else { e.CanTrust = false; } }; client.Connect(); var delete = client.CreateCommand($"kubectl delete secret {kubernetesSecretName}").Execute(); log.Info(delete); var create = client.CreateCommand($"kubectl create secret generic {kubernetesSecretName} --from-literal=secretKey={base64sas}").Execute(); log.Info(create); client.Disconnect(); } } catch (Exception ex) { log.Error($"Something went wrong with Kubernetes: {ex.Message}"); } }