You are developing an Azure Function that processes data from an Azure Blob Storage account. You want to ensure that the function has the necessary permissions to read from the Blob Storage without exposing any secrets in the code. What is the best approach to achieve this?