Environment variables in Azure App Service allow you to configure application settings, connection strings, API keys, and feature flags without modifying source code. This supports secure configuration management, environment-specific deployment (Development, Staging, Production), and CI/CD automation.
In ASP.NET Core and other .NET applications, environment variables are commonly used to override values in appsettings.json and manage secrets securely in cloud deployments.
This article provides a complete guide to configuring environment variables in Azure App Service, including portal configuration, CLI commands, configuration binding in .NET, slot settings, security best practices, and real-world deployment strategies.
Why Use Environment Variables in Azure App Service?
Hardcoding configuration values in source code leads to:
Environment variables enable:
Separation of code and configuration
Secure secret management
Environment-based overrides
Zero-downtime configuration changes
CI/CD automation compatibility
Azure App Service stores environment variables as Application Settings.
Configuration Hierarchy in ASP.NET Core
ASP.NET Core loads configuration in the following order (later sources override earlier ones):
appsettings.json
appsettings.{Environment}.json
User secrets (local development)
Environment variables
Command-line arguments
Environment variables override values from appsettings.json automatically.
Method 1: Configure Environment Variables via Azure Portal
Step-by-step:
Go to Azure Portal
Navigate to App Service
Select Configuration
Open Application settings tab
Click + New application setting
Add Key and Value
Click Save
Restart application (if required)
Example:
Key: Jwt__Key
Value: SuperSecretKey
Note: Use double underscore (__) to represent nested configuration sections in .NET.
Example mapping to appsettings.json:
{
"Jwt": {
"Key": "DefaultValue"
}
}
Environment variable override:
Jwt__Key = SuperSecretKey
Method 2: Configure Using Azure CLI
Set environment variable:
az webapp config appsettings set \
--resource-group MyResourceGroup \
--name MyAppService \
--settings Jwt__Key=SuperSecretKey
View settings:
az webapp config appsettings list \
--resource-group MyResourceGroup \
--name MyAppService
This approach is ideal for DevOps pipelines.
Method 3: Configure via ARM/Bicep Template
Example in ARM template:
"appSettings": [
{
"name": "Jwt__Key",
"value": "SuperSecretKey"
}
]
Infrastructure-as-Code ensures reproducible deployments.
Reading Environment Variables in ASP.NET Core
ASP.NET Core automatically loads environment variables.
Using IConfiguration:
public class JwtService
{
private readonly IConfiguration _configuration;
public JwtService(IConfiguration configuration)
{
_configuration = configuration;
}
public string GetKey()
{
return _configuration["Jwt:Key"];
}
}
Using strongly typed options pattern:
builder.Services.Configure<JwtSettings>(
builder.Configuration.GetSection("Jwt"));
public class JwtSettings
{
public string Key { get; set; }
}
This ensures clean configuration binding.
Connection Strings in Azure App Service
Azure provides a dedicated Connection strings section in Configuration.
Example:
Key: DefaultConnection
Value: Server=...;Database=...;
Access in code:
var connectionString = builder.Configuration
.GetConnectionString("DefaultConnection");
Azure automatically injects connection strings as environment variables.
Application Settings vs appsettings.json
| Parameter | appsettings.json | Azure App Service Settings |
|---|
| Storage Location | Codebase | Azure Cloud |
| Security | Visible in repo | Secure in Azure |
| Environment Specific | Requires separate file | Easily configurable |
| Deployment Flexibility | Requires redeployment | No code change required |
| Secret Management | Not recommended | Recommended |
Azure App Service settings are preferred for production secrets.
Deployment Slots and Slot Settings
Azure App Service supports deployment slots (e.g., Staging, Production).
To mark a setting as slot-specific:
This prevents sensitive values from swapping during slot swap.
Example use case:
Setting ASP.NET Core Environment
To define environment (Development, Staging, Production):
Key:
ASPNETCORE_ENVIRONMENT
Value:
Production
ASP.NET Core automatically loads appsettings.Production.json.
Security Best Practices
Never store secrets in source code
Use Azure Key Vault for high-security environments
Use Managed Identity for secret retrieval
Rotate secrets periodically
Limit access via Azure RBAC
Avoid exposing sensitive values in logs
Using Azure Key Vault with App Service
Instead of storing secrets directly, reference Key Vault.
Example setting value:
@Microsoft.KeyVault(SecretUri=https://myvault.vault.azure.net/secrets/MySecret/)
App Service retrieves secret securely without exposing it.
Real-World Production Scenario
In a multi-environment SaaS application:
Development uses local appsettings.Development.json
Staging uses Azure App Service settings
Production uses Key Vault references
CI/CD pipeline updates environment variables automatically
This ensures security, flexibility, and maintainability.
Common Mistakes
Using single underscore instead of double underscore
Forgetting to restart app after changes
Storing secrets in appsettings.json
Not marking slot-specific settings
Hardcoding configuration in services
Proper configuration prevents production incidents.
Summary
Configuring environment variables in Azure App Service enables secure, flexible, and environment-specific configuration management for .NET applications. By using Application Settings in the Azure Portal, Azure CLI, or Infrastructure-as-Code templates, developers can override appsettings.json values without modifying source code. Environment variables support nested configuration using double underscores, integrate seamlessly with ASP.NET Core’s configuration system, and allow secure secret management through Azure Key Vault references. Implementing best practices such as slot-specific settings, Managed Identity integration, and proper secret rotation ensures scalable, secure, and production-ready cloud deployments.