azure, azure-web-app-service, azure-keyvault

Update the secret identifier URL in the application settings of an Azure web app


I have been searching around and found two articles on StackOverflow with a link to a possible answer, but unfortunately the links are not working anymore.

The situation is:

  1. I have an Azure Key Vault with secrets.
  2. I have Azure web apps which have access to the key vault.
  3. In the application settings I am referring to the secret identifier.
  4. When I update the secret it gets a new secret identifier URL.
  5. I want to automatically update the appsettings in the Azure web app.

Is this all possible? I was not able to find a working solution unfortunately and hoping that one of you can help me sort this out.

I tried using Azure Logic Apps. I can retrieve the new secret identifier, but didn't find the possibility to pass it to the Azure web app.


Solution

  • Yes, whenever we update the secret value, a new Secret Identifier with the latest version ID is generated.

    • If we set the value of the Secret URI along with ID, we need to update it every time after the modification.
    @Microsoft.KeyVault(SecretUri=https://kvharshitha.vault.azure.net/secrets/KVSecret/401****788d4a6c8****815c83)
    

    This works only if you have a single secret value.

    • To avoid this, set the value only with the secret name, excluding the ID.

    • If you have more than 1 version of the Secret, then remove the Secret Identifier ID.

    @Microsoft.KeyVault(SecretUri=https://kvharshitha.vault.azure.net/secrets/KVSecret/)
    
    • This will allow the app to pick the current version value.
    • You can see I have 3 versions of Secret Values.

    • I have added the appsetting only with the Secret Name, excluding the ID. Output is shown with the Current Version Value of the Secret.

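An added example, not part of the original answer: a small audit that parses `@Microsoft.KeyVault(SecretUri=...)` app setting values, flags the ones pinned to a version ID, and produces the versionless form the answer recommends. The function names and the sample settings are hypothetical; the vault and secret names come from the answer and the version string is a constructed placeholder.

```python
import re
from urllib.parse import urlsplit

# Matches the Key Vault reference syntax shown in the answer (SecretUri form only).
_REF = re.compile(r"^@Microsoft\.KeyVault\(SecretUri=(?P<uri>[^)\s]+)\)$")

def parse_reference(value):
    """Return (vault_host, secret_name, version_or_None), or None if not a SecretUri reference."""
    m = _REF.match(value.strip())
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    segs = [s for s in parts.path.split("/") if s]
    # Expected path: /secrets/<name>[/<version>]
    if parts.scheme != "https" or len(segs) not in (2, 3) or segs[0] != "secrets":
        return None
    version = segs[2] if len(segs) == 3 else None
    return parts.hostname, segs[1], version

def versionless(value):
    """Rewrite a version-pinned reference to the versionless form; leave other values untouched."""
    parsed = parse_reference(value)
    if parsed is None or parsed[2] is None:
        return value
    host, name, _ = parsed
    return f"@Microsoft.KeyVault(SecretUri=https://{host}/secrets/{name}/)"

def audit(settings):
    """Map each version-pinned setting name to its versionless replacement."""
    return {k: versionless(v) for k, v in settings.items() if versionless(v) != v}

# Constructed sample app settings; the version ID below is a placeholder, not a real one.
SAMPLE = {
    "DbPassword": "@Microsoft.KeyVault(SecretUri=https://kvharshitha.vault.azure.net"
                  "/secrets/KVSecret/0123456789abcdef0123456789abcdef)",
    "ApiKey": "@Microsoft.KeyVault(SecretUri=https://kvharshitha.vault.azure.net/secrets/KVSecret/)",
    "Plain": "not-a-reference",
}

if __name__ == "__main__":
    for name, new_value in audit(SAMPLE).items():
        print(f"{name}: pinned to a version, replace with {new_value}")
```

Run it against an export of the app's settings to list every reference that would stop tracking the secret after a rotation. Microsoft's documentation states that an app using a versionless reference picks up a new secret version within 24 hours.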