Azure App Configuration

Implement Azure Security for Developers

Anushika Agarwal

Cloud Data Engineer

What Is Azure App Configuration?

  • Central store for app settings

  • Update or toggle features without redeploying

  • Fully managed with built-in security

Azure App Configuration

PeopleSphere with App Configuration

PeopleSphere example with Azure App Configuration

App Configuration storage: keys

Settings are stored as key-value pairs

Keys

  • Name each setting uniquely
  • Format:
    • Flat: LoginRules
    • Hierarchical: PeopleSphere:HR:ThemeColor

Key Values

Labels in App Configuration

  • Labels are optional
  • Allow multiple versions of a key

Labels in App Configuration
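
How labels and hierarchical keys combine when an app loads its settings, as an added example that is not part of the original slides and does not use the Azure SDK. It is a local model over constructed sample data; the `resolve` and `as_tree` helpers, every key other than `LoginRules` and `PeopleSphere:HR:ThemeColor`, and the fallback from a label to unlabeled defaults are assumptions made for illustration.

```python
# Local model of key/label lookup (constructed data, hypothetical helpers, not the Azure SDK).
from typing import Optional

# Constructed sample store: (key, label) -> value. A label of None means "no label".
STORE = {
    ("PeopleSphere:HR:ThemeColor", None): "blue",
    ("PeopleSphere:HR:ThemeColor", "prod"): "navy",
    ("PeopleSphere:HR:ThemeColor", "dev"): "orange",
    ("PeopleSphere:HR:PageSize", None): "25",
    ("PeopleSphere:Payroll:Currency", "prod"): "USD",
    ("LoginRules", None): "strict",
}

def resolve(store: dict, prefix: str, label: Optional[str]) -> dict:
    """Return settings under `prefix`, preferring `label` over unlabeled values."""
    resolved = {}
    # Pass 1 loads unlabeled defaults; pass 2 lets the requested label override them.
    # Values stored only under a different label are never returned.
    for wanted in (None, label):
        for (key, entry_label), value in store.items():
            if entry_label == wanted and key.startswith(prefix):
                resolved[key] = value
    return resolved

def as_tree(settings: dict, sep: str = ":") -> dict:
    """Turn hierarchical keys such as A:B:C into nested dicts."""
    tree = {}
    for key, value in settings.items():
        node = tree
        *parents, leaf = key.split(sep)
        for part in parents:
            node = node.setdefault(part, {})
            if not isinstance(node, dict):
                raise ValueError(f"{key!r} nests under a key that already holds a value")
        node[leaf] = value
    return tree

if __name__ == "__main__":
    print(as_tree(resolve(STORE, "PeopleSphere:", "prod")))
    print(as_tree(resolve(STORE, "PeopleSphere:", "dev")))
```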

App Configuration storage: values

Settings are stored as key-value pairs

Values

  • Values store the actual data

  • Support all characters (Unicode strings)

  • Metadata can be added

  • Encrypted at rest and in transit

    • Excluding Metadata

Key Values

Feature management

  • Examples: dark mode, beta access, or banners
  • Toggle features without code changes or redeployments

Feature Management

  • Feature Flags
    • Simple ON/OFF switches
  • Feature Manager
    • Typically a library or SDK
    • Evaluates flag states
    • Handles caching and updates
  • Filters
    • Rule-based conditions
    • Example: user group, time window, locations

Securing data in Azure App Configuration

Data Protection in Azure App Configuration

Customer-managed keys

  • Bring your own keys from Azure Key Vault
  • Accessed via Managed Identity
  • Key is wrapped & cached (1 hour)
  • Auto-refresh keeps it in sync

Customer-Managed Keys

Secure with private endpoints

  • Isolate traffic using private IPs from your VNet
  • No exposure to public internet

  • Ideal for secure, internal-only communication

  • Enforce access with firewall rules

  • Enable on-prem access via VPN/ExpressRoute

Private Endpoints

Securing with managed identities

What are Managed Identities?

  • Azure-managed identity for your app

  • No secrets stored in code

Types

  • System-assigned
    • Created automatically for one app
    • Removed when the app is deleted

  • User-assigned
    • Created manually
    • Reusable across multiple apps or services

Let's practice!
