Overview
These labs cover how to secure App Service apps and connect to other Azure
Reference Key Vault secrets from App Service
Apps need secrets - a database password, an API token, a signing key. The tempting shortcut is to paste the secret straight into an app setting, but then the raw value lives in your configuration, shows up in exports, and has to be rotated by hand everywhere it was copied. This lab shows the recommended pattern instead: store the secret in Azure Key Vault, and point an app setting at it with a Key Vault reference. Azure App Service resolves the reference at runtime using the app's managed identity, so your app reads the secret as an ordinary environment variable - with no key, secret, or vault SDK in your code.