Skip to main content
Glimpse - Key Vault Vs App Configuration for App service

In this post, we are jsut going to see glimpse of comparison between Keyvaukt and App Configuration for App services references.

Why we are comparing these two?

Recently App Configuration references on App Service become Generally Available and it can complements Keyvault.

Let us consider a scenario that we need to have client-id and secret which will be used in an API call for authentication from Azure function app/ App service / Logic App standard, in a secure place.
So, Here we come to know 2 azure native services are as follows

  1. Azure Keyvault
  2. Azure App Configuration

Azure people(we) typically use keyvault to handle secrets in secure way whereas App Configuration also complements Azure Keyvault then which is better or in which scenario we can pick either of the one.

According to me,
We can go for keyvault

  • when we need to handle secrets environment specific. Here, environment refers to, Dev, QA and Prod.
  • when need of hardware-level encryption
  • when granular level access required
  • when need to perform certificate rotation

  • When a data or secret which is common across all the environments, we can go for App Configuration which is central place to have secrets/configuration details.

You can use below references in Environment Variables section of App Service as below.
@Microsoft.KeyVault - @Microsoft.KeyVault(VaultName=myvault;SecretName=mysecret) - App service retrieves "mysecret" value from "myvault" @Microsoft.AppConfiguration - @Microsoft.AppConfiguration(Endpoint=https://myAppConfigStore.azconfig.io; Key=myAppConfigKey)​ - App service retrieves the value of key called myAppConfigKey from App Configuration. Your thoughts are Welcome!

Comments

Popular posts from this blog

Azure Public IP(s) are zone redundant free of cost natively - Generally Available Availability zone gives high availability to an application as well as information by forestalling the physical datacenter disappointments by involving replication of the asset in extra datacenter. Azure typically has 3 zones per region (and not all regions support zone). Thus, while setting up the environment we really want to pick the right region based on our usecase. Public IP helps to access a resource or an application publicly. Azure offers 2 types of SKU for public IP as below Basic Standard Only Standard SKU gives zone facility. Basic SKU is always non-zonal and this SKU also will be retired 09/2025. Standard public IP can be fell into any of the below category No Zone / Non-Zonal - No availability zone at all Zonal - Our services can be replicated in any one of selected zones from three zones. Zone redundant - Resource will be replicated in all 3 zones. It is opposite of...
Azure Static Web Apps - Plan Comparison #cloud #azure Hi All! Azure Static web app is a good service when we have static web apps like javacript frameworks and libraries applictions (Ex: Angular, React, Svelte, Vue, Blazor). It also supports Python 3.10 based static web app as well as per the latest azure news. Other advantage of it is coupled with your Azure AD. so that your code can be directly pushed to azure static web app via either Azure DevOps or Github whenever code push occurs. At the time of azure static web app creation, it asks for deployment source as any one of the below. Based on the selection, it allows you to select the organization, project and repositories from the source. Azure DevOps - Azure AD connected Devops organizations will be listed out Github Other - For ex: If you want to deploy code from other organization. Below table will be helpful to choose the best pricing plan for your workload. Plan/Feature Free Standard ...
Azure Devops - How to use classic pipeline variable group in YAML pipeline Hi All! When we need to use a group of variables in a pipeline, we can go for variable group instead of variables. The main usage of variable group is that can be used it across multiple pipelines in the same project. For example, I have a below variable group in my azure Devops. By default variable groups can be used across classic pipelines without any explicit permission granted but that variable group could not be used by YAML pipelines typically. So, How how can I use that variable group in my YAML pipeline? We can achieve it through "Pipeline permissions" option on top of variable group page. In the below image, I grant permission to my dotnet6app YAML pipeline to use variable group We can revoke if we don't need a YAML pipeline should not access variable group as below. Now, I want my all pipelines should use variable group. I don't want manual intervent...