Azure Logic App - How to use secret as password in a File system trigger


I need to create a File System trigger that, whenever a new file is created on an on-premises machine, executes a pipeline in Data Factory. Such a trigger requires a password that is currently stored in a Key Vault. I can get the secret value using a Get Secret action, but I don't see a way of adding dynamic content to the trigger.

Is there a workaround?

Thanks

I tried different triggers, but I'm only able to add dynamic content to an HTTP trigger, which I don't think I can use for my use case.


0
viktorh On

If you are talking about the File trigger in Logic Apps, this is achievable if you deploy your connections (ARM/Bicep). The "[parameters('myfilesharepw')]" value can be retrieved from Key Vault from e.g. Azure DevOps during deployment.

Example:

    {
        "type": "Microsoft.Web/connections",
        "apiVersion": "2016-06-01",
        "name": "[variables('connectionName')]",
        "location": "westeurope",
        "kind": "V2",
        "properties": {
            "displayName": "[variables('connectionName')]",
            "statuses": [
                {
                    "status": "Connected"
                }
            ],
            "parameterValues": {
                "username": "[parameters('myfileshareuser')]",
                "password": "[parameters('myfilesharepw')]",
                "rootfolder": "[parameters('rootfolder')]",
                "authType": "windows",
                "gateway": {
                    "name": "mydatagateway.com",
                    "id": "[parameters('connectionGateway')]",
                    "type": "Microsoft.Web/connectionGateways"
                }
            },
            "customParameterValues": {},
            "nonSecretParameterValues": {},
            "api": {
                "name": "[variables('connectionName')]",
                "displayName": "[variables('connectionName')]",
                "id": "[concat('/subscriptions/',subscription().subscriptionId,'/providers/Microsoft.Web/locations/',variables('location'),'/managedApis/filesystem')]",
                "type": "Microsoft.Web/locations/managedApis"
            },
            "testLinks": []
        }
    }
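
An added example, not part of the answer above: one way to supply `myfilesharepw` at deployment time is an ARM parameter file that uses a Key Vault reference, so the password never appears in the pipeline definition or in source control. It assumes the template declares `myfilesharepw` with type `securestring`; every value in angle brackets is a placeholder, not a value from this page.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "myfileshareuser": {
      "value": "<DOMAIN\\username>"
    },
    "myfilesharepw": {
      "reference": {
        "keyVault": {
          "id": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.KeyVault/vaults/<vault-name>"
        },
        "secretName": "<secret-name>"
      }
    },
    "rootfolder": {
      "value": "<\\\\server\\share>"
    },
    "connectionGateway": {
      "value": "/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Web/connectionGateways/<gateway-name>"
    }
  }
}
```

For the reference to resolve, the vault needs `enabledForTemplateDeployment` set to `true`, and the identity running the deployment needs the `Microsoft.KeyVault/vaults/deploy/action` permission on that vault.
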
0
vijaya On

As mentioned by @Skin, you cannot add dynamic content in logic app triggers.

  • For triggers of all types of connectors, like SFTP, SharePoint or Azure Storage, the connection will be established in the trigger itself.
  • Only once the connection is established can we browse or select folders and files, so we cannot pass dynamic content in logic app triggers.
  • One of the alternatives is to send the secret value from Key Vault in the HTTP request body.
  • AFAIK, dynamic content can be added in the HTTP trigger body only. In this trigger you can define the request body in JSON format and send the secret value from Key Vault in the request body while sending the request to the trigger.
  • Dynamic content comes into play if there is a scenario that takes a previous action's output or input. As the trigger is a starting point, we cannot get dynamic content in the trigger itself.