Here is a quick rundown of the new configuration options available for secrets in App Service and Azure Functions.
- Expanded networking support for Key Vault references is now available on both Windows and Linux.
- It is now possible to designate a user-assigned identity.
- Apps are now able to access their content package from blob storage using app identity.
- Through Key Vault references, apps can use a managed identity to resolve secrets from Azure Key Vault and expose them as environment variables.
- Linux apps (as well as the previously announced Windows apps) can now use virtual network integrations when resolving secrets from Key Vault.
- The restrictions on using networking integration and autorotation together have been removed.
- You can now specify a user-assigned identity instead of the app’s system-assigned identity for accessing app secrets. This means an identity can be assigned permission before the app is created.
- To access their content package in blob storage, apps can now simply use a managed identity, as long as the app has access to the storage account.
- Azure Functions now has preview identity-based connection support. This means system-assigned or user-assigned identities can be used for the Functions runtime, triggers and bindings.
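
To check how an app's settings actually use Key Vault references and autorotation, the following added example (not code from the original post or from Microsoft) parses the documented `@Microsoft.KeyVault(...)` reference syntax and classifies each setting. It relies on the documented behaviour that a reference pinned to a secret version does not pick up rotated versions; the setting names, vault name and name-matching heuristic are assumptions.

```python
import re
from urllib.parse import urlparse

# Key Vault reference syntax used in App Service / Functions app settings.
_REF = re.compile(r"^@Microsoft\.KeyVault\((?P<body>.*)\)$")
# Assumption: setting names matching this pattern are expected to hold secrets.
_SECRET_NAME = re.compile(r"(secret|password|pwd|token|key|connectionstring)", re.I)

def parse_reference(value):
    """Return {'vault', 'secret', 'version'} for a Key Vault reference, else None."""
    m = _REF.match(value.strip())
    if not m:
        return None
    pairs = (p.split("=", 1) for p in m.group("body").split(";") if "=" in p)
    fields = {k.strip().lower(): v.strip() for k, v in pairs}
    if "secreturi" in fields:
        url = urlparse(fields["secreturi"])
        parts = [p for p in url.path.split("/") if p]
        # Expected path: /secrets/<name>[/<version>]
        if url.scheme != "https" or len(parts) < 2 or parts[0] != "secrets":
            raise ValueError("malformed SecretUri: " + value)
        return {"vault": url.hostname, "secret": parts[1], "version": parts[2] if len(parts) > 2 else None}
    if "vaultname" in fields and "secretname" in fields:
        return {"vault": fields["vaultname"], "secret": fields["secretname"],
                "version": fields.get("secretversion") or None}
    raise ValueError("malformed Key Vault reference: " + value)

def audit(settings):
    """Classify each app setting; raises ValueError on a malformed reference."""
    findings = {}
    for name, value in settings.items():
        ref = parse_reference(value)
        if ref is None:
            findings[name] = "plaintext-suspect" if _SECRET_NAME.search(name) else "ok"
        elif ref["version"]:
            findings[name] = "pinned-version"  # will not follow secret rotation
        else:
            findings[name] = "reference"  # versionless: resolves to latest version
    return findings

# Constructed sample settings (hypothetical names and values).
SAMPLE = {
    "DB_PASSWORD": "@Microsoft.KeyVault(SecretUri=https://contoso-vault.vault.azure.net/secrets/db-password/)",
    "API_TOKEN": "@Microsoft.KeyVault(VaultName=contoso-vault;SecretName=api-token;SecretVersion=0123456789abcdef0123456789abcdef)",
    "STORAGE_KEY": "constructed-plaintext-value",
    "WEBSITE_RUN_FROM_PACKAGE": "https://contosostore.blob.core.windows.net/pkgs/app.zip",
}
```

Feed `audit` the name/value pairs exported from the app's configuration; `plaintext-suspect` entries are candidates for moving into Key Vault, and `pinned-version` entries need a manual update after each rotation.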
Find Out More
Here are some handy links to find out more:
- Use Key Vault references – Azure App Service | Microsoft Docs
- Run your app from a ZIP package – Azure App Service | Microsoft Docs
- Managed identities – Azure App Service | Microsoft Docs
- Public preview: Identity-based connections in Azure Functions with latest Azure SDK triggers and bindings | Azure updates | Microsoft Azure