App Configuration

 

App Configuration

App configuration is an independent store for application configuration settings with security. App Configuration is not tied to any application or a continuous integration platform. It is simply tied to Azure.

It is a very flexible key/value pair store that manages application settings and controls their access centrally. It also simplifies deployment tasks and eases the burden of dealing with permutations of configurations created by multiple applications, dependencies, and environments.

App Configuration also allows adding labels that can be used to maintain values of different environments (such as dev, stage & prod) for a single config property.

Labels are optional fields for a key-value pair, that can be used to differentiate key values with the same key. For instance, a key APIBaseURL with labels staging and prod, is two separate keys in an App Configuration store.

Key Vaults

Key Vaults is a service that allows storing confidential values/secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. As an example, we can store API keys, database hostnames, and database passwords on Azure Key Vault.

Azure Key Vault also allows storing third-party/self-signed certificates that can be accessed from the application for third-party authentication/authorization purposes.

 

How Can We Use App Config and Key Vault Effectively to Store Configuration Data?

We are going to create a configuration for our application which has two config properties:

• APIBaseURL (value will be stored directly in app config)
• ClientId (will read its value from key vault as it contains sensitive information)

 

Steps to Create App Configuration on Azure Portal

Ensure that you have adequate permissions to create Azure app config and key vault on Azure portal.

Search for App Configuration service on Azure portal, select it, and you will be presented with the following screen showing a list of App Configurations that already exist. To create a new one, click the “create” button and make the appropriate selections:

 

Next, select the “Review + Create” button.

Click on TestAppConfig and go to configuration explorer which will allow the creation of new key-value pairs.

Different ways to define key-values on App Configuration:

• Directly define the values of keys which do not contain sensitive information
• Read the value from Key Vault in case the value for a key contains sensitive information like password, clientId, client-secret, API Key etc.
• Import key/values using JSON file containing config data

Please see the below screenshot where two configuration keys have been created:

Key with direct value:

Key with value being referenced from key vault secret:

 

TestApplicationConfig:APISettings:APIBaseURL has four different values for different environments. 

TestApplicationConfig:APISettings:ClientId has three different values that are read from three different secrets of Azure key vault as it contains sensitive information.

C# class for this configuration would look like:

Steps to Create Key Vault on Azure Portal

The following section outlines the creation of secrets on Azure key vault (please see the prior section related to TestApplicationConfig:APISettings:ClientId):

Search & select Key Vault service on Azure portal. You will be presented with a screen showing a list of Key Vaults that already exist and a button that allows you to create a new one.

Click on the create button to create a new key vault. Define the resource group, name of your key vault, and pricing tier:

Click on the “Review + Create” button.

Click on testapplication-kv key vault from the list and go to the Secrets section to create and store the secrets of the application. 

To create a new secret, click on Generate/Import button and define the name and value of your secret. You can also set the expiration date of that particular secret by setting an expiration date.