Azure · Cloudbeginner

Azure App Service — Application Settings

The JSON bulk-edit format for App Service application settings and connection strings — the array you paste into the Advanced edit blade to manage a web app’s environment in one shot.

azureapp-serviceweb-appconfigurationenv

Preview

[
  {
    "name": "NODE_ENV",
    "value": "production",
    "slotSetting": false
  },
  {
    "name": "WEBSITE_NODE_DEFAULT_VERSION",
    "value": "~20",
    "slotSetting": false
  },
  {
    "name": "WEBSITE_RUN_FROM_PACKAGE",
    "value": "1",
    "slotSetting": false
  },
  {
    "name": "APPLICATIONINSIGHTS_CONNECTION_STRING",
    "value": "@Microsoft.KeyVault(SecretUri=https://my-vault.vault.azure.net/secrets/appinsights-conn/)",
    "slotSetting": false
  },
  {
    "name": "DATABASE_URL",
    "value": "@Microsoft.KeyVault(SecretUri=https://my-vault.vault.azure.net/secrets/db-url/)",
    "slotSetting": true
  },
  {
    "name": "API_BASE_URL",
    "value": "https://api.example.com",
    "slotSetting": true
  }
]

AI actions

Documentation

Purpose

Bulk-manage a Web App’s environment variables and connection strings as one JSON array instead of editing rows by hand.

When to use

Migrating settings between slots or environments, code-reviewing config changes, or seeding a new App Service from a known-good baseline.

Required fields

  • name — the setting key exposed as an environment variable
  • value — the setting value
  • slotSetting — whether the value is pinned to the deployment slot

Optional fields

  • WEBSITE_* keys — platform behavior toggles (run-from-package, node version)
  • connection-string entries — surfaced with provider-specific prefixes

Best practices

  • Mark environment-specific values (DB, endpoints) as slot settings so a swap keeps them in place.
  • Reference Key Vault secrets with @Microsoft.KeyVault(...) instead of raw values.
  • Keep this array in source control as the single source of truth for config.

Security considerations

  • Never commit real secrets; use Key Vault references for anything sensitive.
  • App settings are encrypted at rest but visible to anyone with portal access — scope RBAC tightly.
  • Prefer managed identity over connection strings with embedded credentials.