Today i learned

How to reference Azure Key Vault values without secret versions

Wed Apr 8, 2020

On my team we are beginning to use Azure Key Vaults to keep connection strings and other secrets out of our codebase and behind safeguards (both from developers 😅 and possible intruders 😱) in Azure Key Vault.

We are already heavy users of Azure App Service and Azure Key Vaults have a nice feature to reference Key Vaults values directly through the configuration settings of the App Service. This enables us to use Key Vaults on older projects without changing the codebase.

But we had some troubles getting it to work. In our use-case we would like our applications to always use the latest value of a secret and not a defined version (ex. to enable rotation of credentials). All the documentation got examples WITH secret versions. But we learned that the following syntax actually works:

@Microsoft.KeyVault(SecretUri=https://[MYKEYVAULT].vault.azure.net/secrets/[MYSECRET]/)

Not documented, but had a small chat with the documentation team 🤝

Hoping to save some hours of rubber ducking….

Your feedback is very valuable for me. Reach out to me at Twitter @jacobmohl