Managing AppSettings and Secrets With Azure

This documentation provides guidance on managing application settings and secrets efficiently using Azure services. It includes best practices for secure storage, retrieval, and management of sensitive configuration data in your applications.

Key Concepts

Azure AppConfiguration can manage appsettings, secrets and feature flags. These can be imported via a JSON file, that can be defined next to the application code, and deployed to the AppConfiguration instance via the same GitHub Action used by the application.

The application needs to use the methods provided by the official Azure App Configuration SDK (e.g., for Node.js or Java) to fetch settings, secrets and feature flags at runtime. SDKs support hot reload of settings, so that changes in the AppConfiguration instance are reflected in the application without requiring a restart/deploy. Feature flags offer flexibility in dynamically enabling or disabling features without redeploying the application, using built-in or custom rules.

Applications can also access secrets stored in KeyVault through AppConfiguration, simplifying the management of sensitive data.

Moreover, it removes the need to set environment variables via Terraform, which slows down development and deployment, rather than storing sensitive configuration data directly in the Terraform state file.

A collection of code samples is available on GitHub.

Key Topics

• Setting up Azure AppConfiguration and KeyVault: Detailed instructions on how to set up and use Azure AppConfiguration service for managing application settings and secrets.
• Defining Application Settings, Secrets and Feature Flags: Guide on how to define and organize application settings, secrets, and feature flags within Azure AppConfiguration and KeyVault.
• Updating GitHub Actions to deploy settings and secrets within the application: Guide on deploying application settings and secrets to Azure App Configuration instance.