Skip to main content
Glimpse - Key Vault Vs App Configuration for App service

In this post, we are jsut going to see glimpse of comparison between Keyvaukt and App Configuration for App services references.

Why we are comparing these two?

Recently App Configuration references on App Service become Generally Available and it can complements Keyvault.

Let us consider a scenario that we need to have client-id and secret which will be used in an API call for authentication from Azure function app/ App service / Logic App standard, in a secure place.
So, Here we come to know 2 azure native services are as follows

  1. Azure Keyvault
  2. Azure App Configuration

Azure people(we) typically use keyvault to handle secrets in secure way whereas App Configuration also complements Azure Keyvault then which is better or in which scenario we can pick either of the one.

According to me,
We can go for keyvault

  • when we need to handle secrets environment specific. Here, environment refers to, Dev, QA and Prod.
  • when need of hardware-level encryption
  • when granular level access required
  • when need to perform certificate rotation

  • When a data or secret which is common across all the environments, we can go for App Configuration which is central place to have secrets/configuration details.

You can use below references in Environment Variables section of App Service as below.
@Microsoft.KeyVault - @Microsoft.KeyVault(VaultName=myvault;SecretName=mysecret) - App service retrieves "mysecret" value from "myvault" @Microsoft.AppConfiguration - @Microsoft.AppConfiguration(Endpoint=https://myAppConfigStore.azconfig.io; Key=myAppConfigKey)​ - App service retrieves the value of key called myAppConfigKey from App Configuration. Your thoughts are Welcome!

Comments

Post a Comment

Popular posts from this blog

Azure Devops Bypass policy when code push - Glimpse Devops is a culture most of the organizations embrace it. In this article let's see what is branch policy in Azure Devops (ADO). Before that, we need to know what is policy (aka) Branch policy in ADO Branch policy has set of policies to be applied on the branch typically main. By that we avoid accidental activity. Few are as Reviewers required to view the code change before move to main/master branch work item - ADO's user story / task / bug etc., any of the item number should be linked Consider a scenario that your organization's existing project has some policies like most recent code pusher can not push code again. Very rare case may happen or not, a senior developer needs a exclusion to fix an urgent pre-prod/production incident. So He/She does not want to be in that case. They want to push their code often when discussing with client manager or customer So, how can we override the bran
Post a Comment
Read more
Find your azure service/resource tab easily in chrome using an extension Irrespective of role like Azure devops, developer, network engineer, architect etc., we typically use azure portal primarily While working on issues and/or in presentation, we may require to have multiple azure tabs with different services Here consider a scenario that I am analysing an issue from logic app which uses azure function. So I need to visit logic app, function app and application insights if enabled. If we use single tab, it will take more time. So, we can have multiple tabs. Here logic app, azure function and application insights in each tab I would have. yes. It will save our time but consider that sometimes we would have more than 10 tabs at that time we may not know which tab has which resource because all browsers have A icon. So, while navigating, we may get annoyed. So, What's the solution when we use more tabs? Here we've a nice feature in chrome browser which provid
Post a Comment
Read more