Key Vault references in App Service and Azure Functions are now available
Updated: 15 October, 2019
Introduce secrets management into your apps without code changes using Key Vault references (now generally available).
More and more organisations are adopting secrets management policies, where secrets are stored centrally with expectations around expiration and access control. Azure Key Vault provides these management capabilities to your applications in Azure, but some applications cannot easily take on code changes to start integrating with it. Key Vault references are a way to introduce secrets management into your app without code changes.
Apps hosted in App Service and Azure Functions can now simply define a reference to a secret managed in Key Vault as part of their application settings. The app’s system-assigned identity is used to securely fetch the secret and make it available to the app as an environment variable. This means that teams can just replace existing secrets stored in app settings with references to the same secret in Key Vault and the app will continue to operate as normal. This support is moving to general availability for all hosting options where it has been in preview—App Service Plan, App Service Environment, Azure Functions Consumption Plan (Windows) and Azure Functions Premium plan. Support for Azure Functions Consumption plan for Linux is coming soon.
For more information, please read the documentation.