This is, in my opinion, one of the coolest features of Azure. Azure Key Vault is a space in Azure where you can add certificates and keys for strings and cryptographic keys that you want to keep safe and don't want inside source control, etc.
I've worked with the process for managing keys in AWS and in my experience (each usage/implementaiton is different), AWS Secrets is a slightly less simple process. (meaning it is pretty simple too, but I'm partial to Azure).
To enable storing Secrets in Azure, you first create an Azure Key Vault in your Azure account. Then you add keys (for instance the clientID and secretKey for an API your apps use or an artifact repository URI or database connection strings, etc.).
Once the keys are created, you configure Azure KeyVault for your application in appSettings as such:
.ConfigureAppConfiguration((context, config) =>
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultURI = "https://myvault.vault.azure.net/";
var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
cfg.AddAzureKeyVault(keyVaultURI, new DefaultKeyVaultSecretManager());
}); And once wired up, you can refer to your keys from that app- both on-prem and in the cloud (it uses SSL for the transfer) just as you would reference an appettings value through an IConfiguration object a la:
val keyVal = _configuration["mySuperSecretKeyInAzureKeyVault"];
Reference: https://azure.microsoft.com/en-us/services/key-vault/
