Location for storing connection strings, x509 certificates and other application secrets. Permissions by default are restricted. To modify from ARM, permissions will need to be applied implicitly and can be done on Key Vault creation.
Each key vault has its own usage metrics to see who and what
applications have accessed an individual secret.
Using ARM deployment we can reference any secrets using
parameters to provide the Reference Id of the Key Vault and the Secret’s name.
The Key Vaults main features are
to limit access to sensitive data (by keeping them away from the source code)
and audit access for those that do.
Using Visual Studio we can create a Resource Group Project
that will manage the configuration and deployment of a Resource Group. Creating
this type of project (from template) will generate several default
configuration properties in addition to a PowerShell script for Azure
The default project includes several alerts and application insight configuration in addition to the basic requirements for a Resource Group.
Using Visual Studio, resources can be added to the configuration file to add additional resource based functionality and overrides e.g. The website configuration can be modified to alter AppConfig settings, these can be added or modified as desired.