Status: IN
App Service integrates with Key Vault for a zero-secret-in-code configuration pipeline: Key Vault references inject secrets into app settings via `@Microsoft.KeyVault(SecretUri=...)` syntax, certificates stored as Key Vault certificate objects enable autorotation, and user-assigned managed identity provides credential-free vault authentication — eliminating secrets from both application code and deployment configuration.