SSW Foursquare

Do you use Configuration over Key Vault?

Last updated by Andrew Harris [SSW] 4 months ago.See history

We all know that we should Store Secrets Securely using Key Vault, but did you know that rather than have developers having to deal with a combination of Key Vault and Configuration, you can abstract Key Vault out of your application code and leave developers to only have to deal with Configuration?

badkeyvault
Figure: Bad example - Having to wire up Key Vault unnecessarily

A feature of Azure AppService is the ability to use secrets from Key Vault as Configuration values. This allows you to setup a link between your AppService and a Key Vault and have Configuration values point to a Key Vault Entry.

So now rather than developers having to think about if a value is a secret or configurations, it's always configuration. It just might have its value stored securely in Key Vault.

goodkeyvault
Figure: Good example - Developers don't need to know anything about Key Vault

screenshot 2024 09 05 183121
Figure: Good example - Using Key Vault values in Azure App Service

Note: the "Pull reference values" button now available in App Service. When you update a Key Vault value, the old value is cached by App Services. You will need to use this option to refresh the value for your app.

Andrew Harris
Azure
We open source.Loving SSW Rules? Star us on GitHub. Star
Stand by... we're migrating this site to TinaCMS