What is azure app configuration?
- proivides service to centrally manage app settings and feature flags
- stores all the settings for your app and secure their accesses in one place
What does app configuration provide?
- fully managed service that is setup in mins
- flexible key represenations and mappings
- Tagging
- Point-in-time replay settings
- Dedicated UI
- Comparisioon of 2 sets of configs on custum defined dimensions
- Enhanced security through managed IDs
- Encryption of sensitivbe info at rest and in transit
- native integreation with populatr frameworks
What scenarios does app config make it easier to implement?
- Centralise management and distribution of hierarchical config for different envs and geographies
- Dynamuically change app settings without need to redpeloy of restart app
- control feature availability in real time
What are keys in relation to app config?
- Used to store and rerieve corresponding values (Key:Value)
- Case sentivie unicode based strings
- can use any value for key names except for “*," which are reserved
- can use reserved char with escape char “"
- combined size limit of ke7-value pair at 10k chars
- can be done in flat key:value way or in hierarchical appname:keyname:value which makes it easier to manage and read
What are key labels in terms of app config?
- attribute used to diffrentiate key-values with the same key
- e.g. if we have multiple db endpoints we might label them per env
- to explicity reference a key-value without a label use \0
- app config doesnt version key values when they are modified so labels can be used to create multiple versions
How do we app config for data?
- query app config store for key-values by specifying a pattern
- app config store returns all key-values that match the pattern including their corresponding values and attributes
What are values in terms of app config?
- unicode strings
- can use all unicode chars
- has optional user-defined contrent type associated with each value, used to store info such as encoding schema
What is a feature flag?
- Var with binary state of on or off
- State of the flag triggers whether the code block runs or not
What is feature manager in terms of app config?
- app package that handles the lifecycle of all the feature flags in an app, provides extra functionality such as caching feature flags and updating their states
What is a filter in terms of app config?
- a filter is a rule for evaluating the state of a feature flag, a user group, a device or browser type, a geographic location and a time window
What does effective implementation of feature management consist of?
- An app that makes use of feature flags
- A seperate repo that stores all the flags in their current states
How do filters work with feature flags to determine state?
- feature flag has a name and a list of filters that are used to evaluate state
- if flag has multiple filters the filter list is traversed in order until one of the filters determines the feature should be enabled
- if no filter indicates it should be enabled then it is off
How does feature managee support appsettings.json?
“FeatureManagement”: {
“FeatureA”: true,
“FeatureB”: false,
“FeatureC”:{
“EnabledFor”:[
“Name”: “Percentage”
“Parameters”:{
“Value”: 50
}
]
}}
How does app config encrypt sensitive info?
- Encrypts at rest with 256-bit AES encryption key provided by MS
- each instance has its own key managed by the service and used to encrypt sensitive info (e.g. values from key:value pairs)
- when customer managed key capability is enabled, app config uses a managed ID assigned to the app config instance to auth with entra
- managed ID calls the KV and wraps the config instances encryption key
- wrapped key is then stored and the unwrapped key is cached within app config for one hour
- app config refreshes the unwrapped version hourly
What is required to successfully enable the customer managed key capability for app config?
- Standard tier app config instance
- key vault with soft delete and purge protection enabled
- RSA or RSA-HSM key within the key vault that is not expired, is enabled and has wrap and unwrap capabilities enabled
- Assign managed ID to the app config instance
- grant the ID GET, WRAP and UNWRAP perms in the target key vaults access policy
How can we use private endpoints with app config?
- allow clients on a VM to securely access data over private link
- Pe uses an IP from the VN address space for your app config store
- Network traffic between the clients on the VN and the app config store traverses over the vnet using private link on the MS backbone network, elimating public exposure
What do private endpoints enable us to do?
- Secure app config details by configuring the firewall to block all public connections
- increase security for the vnet ensuring data doesnt escape
- securly connect to the app config store from on-premises networks usiong VPN or expressroutes with private peering
Command to add system assigned ID to app config?
az appconfig identity assign –name configStoreName –resource-group RGName
Command to add user assigned ID to app config?
az identity create –resource-group myRG –name myuserassignedidentity
az appconfig identity assign –name myConfigStore –resource-group MyRG –identities <ID_NAME></ID_NAME>
-
Explore Azure App Service25
-
Configure Web App Settings19
-
Scale Apps in Azure App Service17
-
Deployment Slots19
-
Explore Azure Functions23
-
Develop Azure Functions13
-
Explore Azure Blob Storage22
-
Manage Azure Blob Lifecycle14
-
Work with Azure Blob Storage11
-
Explore Cosmos DB33
-
Work with Azure Cosmos DB29
-
Manage Container Images in Azure Container Registry18
-
Run Container Images in Container Instances16
-
Implement Azure Container Apps30
-
Explore Microsoft Identity Platform20
-
Authentication By MSAL16
-
Implement User Auth17
-
Explore MS Graph20
-
Implement Azure Key Vault12
-
Implement Managed Identities19
-
Implement Azure App Configuration19
-
Explore API Management26
-
Secure APIs14
-
Explore Azure Event Grid30
-
Explore Azure Event Hubs15
-
Azure Message Queues20
-
Monitor App Performance15
