Introduction
By using Azure Key Vault you can achieve the security of your connection string which is public in web.config. So this article let you know step by step about how to create Key Vault and configure the Connection string in Key vault without using any code.
Step 1: Create a Key Vault
To create Key Vault you need to provide a few details like Subscription, Resource group, Instance Details, etc.
![]()
![]()
In the above image, I have provided instance details,
- Key vault name – it is the name which you want to give to resource.
- Region – in which region you want to deploy the resource.
- Pricing tier – there are options you can select.
![]()
Once validation passed, you can create the resource.
![]()
Step 2: Create a Secret in Key Vault
There are options to provide details,
Upload options – Manual
Name – provide what name you want for Secret.
Value – Add connection here as below
"Data Source=xxxx.database.windows.net;Initial Catalog=xxxx;User ID=xxxx;Password=xxxx;Timeout=180;"
Once all details are added then click on create button.
![]()
![]()
Copy the Secret Identifier and keep it with you.
Step 3: Create Web App Identity
![]()
![]()
Copy Object (principal) ID and keep it with you. You can search easily and access policy.
Step 4: Add Access Policy
![]()
![]()
![]()
Step 5: Add Key vault Secret to Configuration (Secret have Connection of your application)
![]()
Before adding Connection string, you need to add that secret Identifier value in below string and then add to value textbox (add the value without space) and Save it and wait to validate Key vault reference.
Note: Secret Identifier you have copied and kept with you in Step 2
@Microsoft.KeyVault(SecretUri=<Secret Identifier>)
![]()
Note: Type needs to be selected as SQLAzure.
![]()
Once Source column come Key vault Reference with (√) Tick Mark mean, your connection string is added successfully.
Now you can able to configure connection string through Azure Key Vault.