Azure App Configuration — How it’s different from Azure Key Vault?
Azure App Configuration is a cloud-based managed service that helps developers and infrastructure team members to centralize and manage application configurations and feature flags. Using Azure App Configuration helps to separate application configuration from code. One of the Twelve-Factor App principles states strict separation of config from code with Azure App configuration this can be easily achieved. Azure App Configuration is now generally available as a free or paid service based on the pricing tier you choose as part of provisioning the service.
In the modern world, applications often can run in different geographical locations, can be hosted on services like App Services, virtual machines, Serverless functions, Azure Container Instance, AKS, etc. Managing application configuration for all this type of service can be done in a centralized location using App configuration which means your operations and support team members need not go to N number of places to look for application configurations. Additionally, you can set or access App configuration values from the Azure DevOps pipeline.
Provisioning Azure App Configuration
Azure App Configuration can be provisioned through Azure Portal, Azure CLI, or ARM template. If you are creating using Azure Portal following steps need to be carried out.
- Go to Azure Portal
- Click on the “Create a resource” button.
- Search for “App Configuration”
- Enter relevant details in the blade-like
- Resource Name — Name for the App configuration service
- Subscription — Select the Azure Subscription under which the service needs to be provisioned.
- Resource group — Logical grouping of resources
- Location — Geographical location for the service to be provisioned.
Benefits of Azure App Configuration
Following are a few key benefits of Azure App Configuration
- Centralized management for application configuration for all your applications. This means Single Source of Truth and avoids Duplication
- Supports Feature Management provides UI for configuring it.
- Flexible key representations and mappings — supports flat and hierarchal key management.
- Dynamically change application settings without the need to redeploy or restart an application.
- Tagging with labels — support categorizing keys using labels.
- Point-in-time snapshots that can be replayed. App Configuration stores a complete timeline in key-value changes. Supports compare configuration values for different points in time
- Built-in support for Azure Managed Identity, which means web apps, Azure functions, etc applications can easily access the application configuration without specifying credentials in code.
- Support popular framework including Java, .NET.
- Integration with Azure DevOps pipelines.
- Integration with Azure Key Vault.
- Data encryption at rest or in transit.
- A fully managed service from Azure that can be provisioned in minutes and need not worry about the underlying platform and SLA’s.
when I initially looked at the App configuration service one question that came into mind how it’s different compared to the Azure Key Vault service.
App Configuration vs Key Vault
App Configuration doesn’t replace Key Vault. Key Vault is used to store secrets (sensitive data), certificates, etc. With Key Vault you will get options for rotating passwords, certificates. App configuration is used to hold application configuration which is insensitive. App configuration is one store for application configurations for multiple applications. App configuration is well suited in a scenario like dynamically changing application settings because the application can pick changes without a restart. App configuration complements Feature Management functionality by providing feature managed user interface. App Configuration can be integrated with Azure Key Vault.
References:
https://docs.microsoft.com/en-gb/azure/azure-app-configuration/overview
Originally published at https://rajurh.blogspot.com on February 4, 2021.
