In this module, you secured an app's secret configuration in Azure Key Vault. Your app code authenticated to the vault with a managed identity, and automatically loaded the secrets from the vault into memory at startup.

Clean up

The sandbox automatically cleans up your resources when you're finished with this module.

When you're working in your own subscription, it's a good idea at the end of a project to identify whether you still need the resources you created. Resources that you leave running can cost you money. You can delete resources individually or delete the resource group to delete the entire set of resources.

To clean up your Cloud Shell storage, delete the KeyVaultDemoApp directory.

Next steps

If this were a real app, what would come next?

  • Put all your app secrets in your vaults! There's no longer any reason to have them in configuration files.
  • Continue to develop the app. Your production environment is all set up, so you don't need to repeat all the setup for future deployments.
  • To support development, create a development-environment vault that contains secrets with the same names but different values. Grant permissions to the development team and configure the vault name in the app's development-environment configuration file. Configuration depends on your implementation: for ASP.NET Core, AddAzureKeyVault will automatically detect local installations of Visual Studio and the Azure CLI and use Azure credentials configured in those apps to sign in and access the vault. For Node.js, you can create a development-environment service principal with permissions to the vault and have the app authenticate using loginWithServicePrincipalSecret.
  • Create more environments for purposes like user acceptance testing.
  • Separate vaults across different subscriptions and/or resource groups to isolate them.
  • Grant access to other environment vaults to the appropriate people.
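The development-vault step above depends on both vaults holding the same secret names. The following check is an added example, not code from this module: it compares the metadata returned by `az keyvault secret list --vault-name <vault>` for two environments. The function names, report fields and sample entries are assumptions made for illustration.

```javascript
// Added example: verify that a development vault mirrors the production
// vault's secret names. Input is the parsed JSON from
//   az keyvault secret list --vault-name <vault>
// which returns metadata only (name, attributes), never secret values.

// Constructed sample data; the secret names are placeholders.
const sampleProd = [
  { name: 'DbConnection', attributes: { enabled: true } },
  { name: 'ApiKey', attributes: { enabled: true } },
  { name: 'SigningSecret', attributes: { enabled: true } },
];
const sampleDev = [
  { name: 'dbconnection', attributes: { enabled: true } },
  { name: 'ApiKey', attributes: { enabled: false } },
  { name: 'DebugToken', attributes: { enabled: true } },
];

// Key Vault object names are case-insensitive, so index in lower case.
function indexByName(secrets) {
  return new Map(secrets.map((s) => [s.name.toLowerCase(), s]));
}

function compareVaults(prodSecrets, devSecrets) {
  const prod = indexByName(prodSecrets);
  const dev = indexByName(devSecrets);
  const report = { missingInDev: [], disabledInDev: [], onlyInDev: [] };
  for (const [key, secret] of prod) {
    const match = dev.get(key);
    if (!match) {
      report.missingInDev.push(secret.name);
    } else if (!match.attributes || match.attributes.enabled !== true) {
      // Reads of a disabled secret are rejected, so the app cannot load it.
      report.disabledInDev.push(match.name);
    }
  }
  for (const [key, secret] of dev) {
    // Names present only in dev usually mean drift or a leftover test secret.
    if (!prod.has(key)) report.onlyInDev.push(secret.name);
  }
  report.inSync = report.missingInDev.length === 0 &&
    report.disabledInDev.length === 0 && report.onlyInDev.length === 0;
  return report;
}

console.log(compareVaults(sampleProd, sampleDev));
```

Because the check reads only names and attributes, the identity that runs it needs permission to list secrets in each vault, not to read their values.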

Check your knowledge


Which of the following is not a benefit of Azure Key Vault?


Which of these statements best describes Azure Key Vault's authentication and authorization process?


How does Azure Key Vault help protect your secrets after they have been loaded by your app?