Azure Key Vault

Azure Key Vault is a cloud service that provides a secure storage for secrets. You can use this Azure resource to securely store custom keys, passwords, certificates, and other secrets.
Azure Key Vault helps solve the following problems:

• Secrets Management - Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
• Key Management - Azure Key Vault can be used as a Key Management solution that makes it easy to create and control the cryptographic keys used to encrypt your data.
• Certificate Management - Azure Key Vault lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources.

For more information, see Microsoft documentation » Azure Key Vault.

You can access Azure Key Vault directly through the Azure Portal, or through the Keys, secrets & certificates link on the Welcome page of Sitefinity Cloud Management Portal.

NOTE: Only users with Access Repos and Pipelines group permissions can manage secrets, keys, and certificates in a Key Vault.

As an additional level of usability, you are allowed to link a Key Vault secret to a variable group. This way, you can use Key Vault secrets when configuring the values for custom AppSettings or ConnectionStrings. The custom AppSettings and ConnectionStrings will be applied during deployment of the application to the respective environments. If the Key Vault secret value changes, you have to re-deploy the Sitefinity application so that it starts using the new value.

For more information on how to use Key Vault secrets for Sitefinity configurations, see Manage the configurations.