Azure Key Vault
Fetch secrets from Azure Key Vault to use as variables in your API requests.
Prerequisites
- Azure subscription with Key Vault access
- Azure AD application (service principal)
- A Key Vault with secrets
Configuration
- Go to Settings > Secret Providers
- Click Add Provider
- Select Azure
- Fill in the configuration:
| Field | Description |
|---|---|
| Name | Display name for this provider |
| Vault URL | Key Vault URL (e.g., https://myvault.vault.azure.net) |
| Tenant ID | Azure AD tenant ID |
| Client ID | Application (client) ID |
| Client Secret | Client secret value |
| Secret Name | Name of the secret |
- Click Test Connection to verify credentials
- Click Save
Secret Format
Secrets can be stored as JSON key-value pairs:
{
"API_KEY": "sk-xxx",
"DATABASE_URL": "postgres://user:pass@host:5432/db",
"STORAGE_KEY": "your-storage-key"
}
Each key becomes a variable you can use as {{API_KEY}}, {{DATABASE_URL}}, etc.
If your secret is a plain string (not JSON), it will be available using the secret name as the variable name.
RBAC Permissions
Grant the service principal the Key Vault Secrets User role:
Key Vault Secrets User
Or create a custom role with:
Microsoft.KeyVault/vaults/secrets/getSecret/action
Creating an App Registration
- Go to Azure AD > App registrations
- Click New registration
- Name it (e.g.,
istek-secrets-reader) - Click Register
- Copy the Application (client) ID and Directory (tenant) ID
- Go to Certificates & secrets > New client secret
- Copy the secret value
Granting Key Vault Access
- Go to your Key Vault > Access control (IAM)
- Click Add role assignment
- Select Key Vault Secrets User
- Assign to your app registration
Usage
Once configured, click Fetch Secrets to load the secrets. They will be available as variables in your requests:
GET {{API_URL}}/users
Authorization: Bearer {{API_KEY}}