{"id":"appservice-keyvault-secure-configuration","text":"App Service integrates with Key Vault for a zero-secret-in-code configuration pipeline: Key Vault references inject secrets into app settings via `@Microsoft.KeyVault(SecretUri=...)` syntax, certificates stored as Key Vault certificate objects enable autorotation, and user-assigned managed identity provides credential-free vault authentication — eliminating secrets from both application code and deployment configuration.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"appservice-keyvault-secure-configuration","truth_value":"IN","reason":"premise"}]}}