Keys, certificates, and secrets used in your application should never be stored in config files in clear text, or committed to source control. Whenever possible, a secure key storage should be used to manage the keys. Azure provides a hardware security module (HSM) "as a service", called Azure Key Vault. Key vault provides a way to encrypt and manage the keys in a secure fashion, and allows developers to "bring their own keys". To learn more about Azure Key Vault, please visit https://docs.microsoft.com/en-us/azure/key-vault/key-vault-whatis.
At the time of this writing, configuring Azure Functions integration with Key Vault is a manual process. A more streamlined integration for securing function keys will be added ...