Azure · Cloudbeginner
Azure App Service — Application Settings
The JSON bulk-edit format for App Service application settings and connection strings — the array you paste into the Advanced edit blade to manage a web app’s environment in one shot.
azureapp-serviceweb-appconfigurationenv
Preview
[
{
"name": "NODE_ENV",
"value": "production",
"slotSetting": false
},
{
"name": "WEBSITE_NODE_DEFAULT_VERSION",
"value": "~20",
"slotSetting": false
},
{
"name": "WEBSITE_RUN_FROM_PACKAGE",
"value": "1",
"slotSetting": false
},
{
"name": "APPLICATIONINSIGHTS_CONNECTION_STRING",
"value": "@Microsoft.KeyVault(SecretUri=https://my-vault.vault.azure.net/secrets/appinsights-conn/)",
"slotSetting": false
},
{
"name": "DATABASE_URL",
"value": "@Microsoft.KeyVault(SecretUri=https://my-vault.vault.azure.net/secrets/db-url/)",
"slotSetting": true
},
{
"name": "API_BASE_URL",
"value": "https://api.example.com",
"slotSetting": true
}
]AI actions
Documentation
Purpose
Bulk-manage a Web App’s environment variables and connection strings as one JSON array instead of editing rows by hand.
When to use
Migrating settings between slots or environments, code-reviewing config changes, or seeding a new App Service from a known-good baseline.
Required fields
- name — the setting key exposed as an environment variable
- value — the setting value
- slotSetting — whether the value is pinned to the deployment slot
Optional fields
- WEBSITE_* keys — platform behavior toggles (run-from-package, node version)
- connection-string entries — surfaced with provider-specific prefixes
Best practices
- Mark environment-specific values (DB, endpoints) as slot settings so a swap keeps them in place.
- Reference Key Vault secrets with @Microsoft.KeyVault(...) instead of raw values.
- Keep this array in source control as the single source of truth for config.
Security considerations
- Never commit real secrets; use Key Vault references for anything sensitive.
- App settings are encrypted at rest but visible to anyone with portal access — scope RBAC tightly.
- Prefer managed identity over connection strings with embedded credentials.