Azurecloud~30 mins

Key Vault references in App Service in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Using Key Vault References in Azure App Service

📖 Scenario: You are building a secure web application hosted on Azure App Service. To keep sensitive information safe, you want to use Azure Key Vault to store secrets like database connection strings. Your goal is to configure your App Service to reference these secrets directly from Key Vault without exposing them in your app code.

🎯 Goal: Configure an Azure App Service to use Key Vault references for accessing secrets securely. You will create a Key Vault with secrets, set up an App Service, and link the secrets using Key Vault references in the App Service configuration.

📋 What You'll Learn

Create an Azure Key Vault named myKeyVault with two secrets: DbConnectionString and ApiKey with exact values.

Create an Azure App Service named myAppService.

Add a configuration setting in myAppService that references the DbConnectionString secret from myKeyVault using Key Vault references syntax.

Add a configuration setting in myAppService that references the ApiKey secret from myKeyVault using Key Vault references syntax.

💡 Why This Matters

🌍 Real World

Many cloud applications need to keep secrets like passwords and API keys safe. Using Azure Key Vault references in App Service is a common way to do this securely without hardcoding secrets.

💼 Career

Cloud engineers and developers often configure secure secret management for applications. Knowing how to use Key Vault references is essential for secure cloud deployments.

Progress0 / 4 steps

Create Azure Key Vault with Secrets

Create an Azure Key Vault named myKeyVault. Add two secrets to it: DbConnectionString with value Server=myserver;Database=mydb;User Id=myuser;Password=mypassword; and ApiKey with value 12345-abcde-67890-fghij.

Azure

# Create Azure Key Vault and add secrets
# Your code here

Need a hint?

Use az keyvault create to create the vault and az keyvault secret set to add secrets.

Create Azure App Service

Create an Azure App Service named myAppService in the resource group myResourceGroup and location eastus. Use the az webapp create command.

Azure

az keyvault create --name myKeyVault --resource-group myResourceGroup --location eastus
az keyvault secret set --vault-name myKeyVault --name DbConnectionString --value "Server=myserver;Database=mydb;User Id=myuser;Password=mypassword;"
az keyvault secret set --vault-name myKeyVault --name ApiKey --value "12345-abcde-67890-fghij"
# Create Azure App Service named myAppService
# Your code here

Need a hint?

Use az webapp create with the name myAppService and specify the resource group and location. Remember to create an App Service plan first.

Add Key Vault Reference for DbConnectionString

Add an application setting to myAppService named DbConnectionString that references the secret DbConnectionString from myKeyVault using the Key Vault reference syntax: @Microsoft.KeyVault(SecretUri=https://myKeyVault.vault.azure.net/secrets/DbConnectionString/).

Azure

az keyvault create --name myKeyVault --resource-group myResourceGroup --location eastus
az keyvault secret set --vault-name myKeyVault --name DbConnectionString --value "Server=myserver;Database=mydb;User Id=myuser;Password=mypassword;"
az keyvault secret set --vault-name myKeyVault --name ApiKey --value "12345-abcde-67890-fghij"
az appservice plan create --name myAppServicePlan --resource-group myResourceGroup --location eastus --sku B1
az webapp create --name myAppService --resource-group myResourceGroup --plan myAppServicePlan --runtime "DOTNET|6.0" --location eastus
# Add app setting DbConnectionString with Key Vault reference
# Your code here

Need a hint?

Use az webapp config appsettings set to add the setting with the Key Vault reference syntax.

Add Key Vault Reference for ApiKey

Add an application setting to myAppService named ApiKey that references the secret ApiKey from myKeyVault using the Key Vault reference syntax: @Microsoft.KeyVault(SecretUri=https://myKeyVault.vault.azure.net/secrets/ApiKey/).

Azure

az keyvault create --name myKeyVault --resource-group myResourceGroup --location eastus
az keyvault secret set --vault-name myKeyVault --name DbConnectionString --value "Server=myserver;Database=mydb;User Id=myuser;Password=mypassword;"
az keyvault secret set --vault-name myKeyVault --name ApiKey --value "12345-abcde-67890-fghij"
az appservice plan create --name myAppServicePlan --resource-group myResourceGroup --location eastus --sku B1
az webapp create --name myAppService --resource-group myResourceGroup --plan myAppServicePlan --runtime "DOTNET|6.0" --location eastus
az webapp config appsettings set --name myAppService --resource-group myResourceGroup --settings DbConnectionString="@Microsoft.KeyVault(SecretUri=https://myKeyVault.vault.azure.net/secrets/DbConnectionString/)"
# Add app setting ApiKey with Key Vault reference
# Your code here

Need a hint?

Use az webapp config appsettings set again to add the ApiKey setting with the Key Vault reference syntax.