We are planning to use azure key vault for securing database connection string other secrets e.g. Azure AD application secret and client ID.
But while fetching this values from key-vault we need to provide Azure AD client id and secret to API and we end up setting these values in application.json file.
What is best way to store secure Azure AD clientID and secret in Azure Key-vault? I know we can create separate AD Application and utilize that but I want to avoid creating new application.
You are using key-vault to secure clientID/secret , like you create a key(key-vault) to access resources(clientID/secret) in a strongbox , but you need another key to use key-vault key .... That seems a infinite loop . If that app is host on azure(app service) , you could store the client ID/secret in App settings in Application settings blade of app service . The Azure Web App configurations in the cloud will be injected into the config system at runtime . You will not set the configurations in system files(web.config) and azure provides basic security protect .
