Azure Key Vault


This guide will show you how to use Azure Key Vault to manage configurations via the Configu interface. Learn about the concept of stores.

Working with the store

CLI installation

1curl | sh

CLI usage

Create the store URI as follows:


Environment variables:

  • AZURE_CLIENT_ID: The client(application) ID of an App Registration in the tenant.
  • AZURE_CLIENT_SECRET: A client secret that was generated for the App Registration.
  • AZURE_TENANT_ID: The Azure Active Directory tenant(directory) ID.

CLI Upsert

configu upsert --set "example" --schema "example.cfgu.json" --store "azure-key-vault:// clientId:clientSecret@tenantId?vaultUrl=" --config "FOO=value" --config "BAR=bar"

CLI Export

configu export --set "example" --schema "example.cfgu.json" --store "azure-key-vault:// clientId:clientSecret@tenantId?vaultUrl=" --format "Dotenv"

CLI Delete

configu delete --set "example" --schema "example.cfgu.json" --store --store "azure-key-vault:// clientId:clientSecret@tenantId?vaultUrl="

SDK installation

Install the node.js SDK

// * Using yarn
yarn add @configu/node
// * Using npm
npm install --save @configu/node

SDK usage

import { Cfgu, Set, UpsertCommand, EvalCommand, DeleteCommand, AzureKeyVaultStore} from "@configu/node";
import path from "path";

const store = new AzureKeyVaultStore({ credentials: { clientId, clientSecret, tenantId}, vaultUrl });
const schema = new Cfgu(path.resolve(__dirname, "./example.cfgu.json"));
const set = new Set("dev");

// * Example upsert command
await new UpsertCommand({ store, set, schema, configs: [{ key: "foo", value: "bar" }] }).run();

// * Example eval command
const configs = await new EvalCommand({ store, set, schema }).run();

// * Example delete command
await new DeleteCommand({ store, set, schema }).run();


To reference a value from this store, use the following reference format:





  • Deleting entire configs does not immediately remove secrets, attempting to upsert before absolute deletion is complete will throw an error. Deleted secrets can be purged via the Azure Key Vault portal