How do you add a reference Key (Key-vault) to Azure App Configuration from the REST API?

Question

I want to use Azure App Configuration in several apps and feed it with new secrets that are added to the Key Vault using another app. This way my apps have access to configurations and "Key Vault Reference". I don't want every developer to go and do the manual process of creating the Secret in the key Vault and them going to the Azure App Configuration and add the "Key Vault Reference".

I want to develop an app that allows me to add these specify Secrets to the key Vault and then create the "Key Vault Reference" in the Azure App Configuration, but I don't see the option to create this "Key Vault Reference" in the SDK or in the REST API for the Azure App Configuration.

Any idea, how can I do this? and why there is not and option to do this in the SDK on in the REST API?

Answer

I used Key Values - Get - REST API (Azure App Configuration) | Microsoft Learn to observe an existing key vault reference in an app configuration store. You should be able to use PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.AppConfiguration/configurationStores/{configStoreName}/keyValues/{keyValueName}?api-version=2023-03-01 passing a body similar to

{
  "properties": {
    "value": "{\"uri\":\"https://yourkeyvault.vault.azure.net/secrets/secretname\"}",
    "tags": {
      "tag1": "tagValue1",
      "tag2": "tagValue2"
    }
  }
}

For the SDK, I found azure-sdk-for-net/sdk/appconfiguration/Azure.Data.AppConfiguration/samples/Sample10_SecretReference.md at main · Azure/azure-sdk-for-net · GitHub which actually leverages SecretReferenceConfigurationSetting object which accepts the key vault secret name and key vault uri endpoint. You use this object to set the reference in the configuration store

client.SetConfigurationSetting(secretReferenceSetting);

Share via

How do you add a reference Key (Key-vault) to Azure App Configuration from the REST API?

1 answer