I have an Azure Web App for a client project. The project also requires Azure SQL Databases and Blob Storage. All pieces mentioned are up and running but we've been told we can't have any password stored in the web.config or in the azure portal under application settings.
I created my Key Vault and created an access policy for the web app and my user account. If I select "secrets" in the keyvault menu I only see a few of the database connection strings but not all. I also don't see anything about the connection to our blob container.
Where exactly is keyvault pulling this information from – is it from the application settings menu for the web app or in the web.config code? I'd appreciate any clarity or direction somebody can provide.
Best Answer
For this you can follow our documentation for getting an Azure web application to read information from Azure Key Vault by using managed identities for Azure resources. Using Key Vault helps keep the information secure. You learn how to:
https://docs.microsoft.com/en-us/azure/key-vault/quick-create-net
UPDATE: We also have KeyVault References in Preview. This still uses the App Settings but doesn't store the secret, only a reference to the secret.
https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references
If you want to get familiar with Managed Identities.
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview