Azure App configuration

1. Azure App configuration

Need to change a message, toggle a feature, or update a setting without touching code or redeploying? That is exactly what Azure App Configuration is designed to handle.

2. What Is Azure App configuration?

In cloud applications, settings often become scattered across configuration files, environment variables, or even databases, which makes them difficult to manage and maintain. Azure App Configuration centralizes all your application settings in one secure location. You can update settings or toggle features without redeploying your application. Because it is fully managed by Azure, it also provides built-in security and seamless integration with other Azure services.

3. PeopleSphere with App Configuration

For example, PeopleSphere, the HR application discussed earlier, stores settings such as login rules, password expiration policies, and toggles for new HR features in App Configuration instead of hardcoding them into the application.

4. App Config storage: keys

App Configuration stores data as key-value pairs. Keys uniquely identify each setting. They can be simple and flat, or structured using prefixes to create a hierarchy. For instance, PeopleSphere:HR:ThemeColor uses colons to create a folder-like structure.

5. Labels in App configuration

Labels are optional and allow you to assign different values to the same key for different environments, such as Dev or Prod. This means your application can reference the same key name while retrieving environment-specific values depending on where it is running.

6. App config storage: values

Values store the actual data. They support all characters and can include metadata, which provides additional descriptive information such as type or format. All values are encrypted at rest and in transit. However, metadata is not encrypted in the same way as values, so it should only contain non-sensitive descriptive information.

7. Feature management

Features represent specific parts of your application, such as dark mode, beta access, or promotional banners. Feature management allows you to toggle these features without modifying code or redeploying the application. Feature management has three core components. First, Feature Flags. These act as simple switches that turn features on or off. Next, the Feature Manager. This is typically a library or SDK integrated into your application. It reads the feature flag values and determines how the application should behave. To improve performance and avoid constant service calls, it intelligently caches configuration values and refreshes them automatically when needed. Finally, Filters determine when a feature should be active. Conditions can be based on user group, geographic region, or time.

8. Securing data in Azure App configuration

Securing configuration data is critical. Azure App Configuration supports three main security options. These include Customer Managed Keys, Private Endpoints, and Managed Identities.

9. Customer-managed keys

Customer Managed Keys allow you to bring your own encryption keys from Azure Key Vault, using Managed Identity rather than relying solely on Azure-managed keys. This process wraps, meaning protects, the internal encryption key that secures your data. The wrapped key is stored securely, while the unwrapped version is temporarily cached in memory for performance and automatically refreshed every hour to stay synchronized with the latest version in Key Vault.

10. Secure with private endpoints

Another way to secure App Configuration is through Private Endpoints. Private Endpoints assign a private IP address from your virtual network, ensuring that traffic does not traverse the public internet. This approach is ideal for internal applications and sensitive data, and it supports firewall rules as well as connectivity from on-premises environments through VPN or ExpressRoute.

11. Securing with managed identities

Managed Identities provide another layer of security. They allow applications to securely access Azure services without storing credentials in code. Azure automatically handles identity creation and key rotation. There are two types. First, a system-assigned identity. Azure creates it automatically for your application and deletes it when the application is removed. Second, a user-assigned identity. You create it once and can assign it to multiple services as needed.

12. Let's practice!

Let's now jump into some exercises!

Create Your Free Account

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.