Using Azure App Service Application Settings for Connection Strings
When I first started deploying my Flask app, I spent a lot of time making sure I wasn’t exposing sensitive credentials—especially Azure Blob Storage and Application Insights connection strings.
In Post #11, I explained how to use .env files and python-dotenv to keep secrets out of your repo. That method works great for local dev—but here’s something I learned recently:
Azure App Service provides its own secure way to manage app secrets.
✅ Azure Handles Environment Variables Natively
You can go to:
Azure Portal → App Service → Configuration → Application settings
And from there, you can define key-value pairs that act just like environment variables in your Flask app—without needing a .env file at all.
🔐 Why This Is Better for Deployment
- You avoid committing
.envto your repo (even accidentally) - You don’t need
load_dotenv()on production servers - You manage secrets securely through the Azure portal
- Secrets are injected server-side and never exposed in frontend or logs
📦 How I Set It Up
- Go to your App Service on Azure
- Click Configuration → Application settings
- Add your key-value pairs:
AZURE_STORAGE_CONNECTION_STRINGCONTAINER_NAMEAPPLICATIONINSIGHTS_CONNECTION_STRINGSECRET_KEY
- Click Save, and Azure will restart the app with the new settings
- In your Flask app, access them using
os.getenv()as usual:
import os
connection_string = os.getenv("AZURE_STORAGE_CONNECTION_STRING")
container = os.getenv("CONTAINER_NAME")
application_insights = os.getenv("APPLICATIONINSIGHTS_CONNECTION_STRING")
secret_key = os.getenv("SECRET_KEY")
📌 Quick Tip
If your Flask app needs a secret key, you can also define SECRET_KEY this way and avoid hardcoding it.
🧪 When Should You Use .env vs Azure App Settings?
| Use .env When... | Use Azure App Settings When... |
|---|---|
| Local development or testing | Live deployment on Azure App Service |
| Multiple developers need shared config | You want secure runtime injection |
| You’re running scripts or local tools | You’re deploying APIs or Flask apps to the cloud |
💬 Final Thoughts
This might feel like a small discovery—but it’s made my app structure cleaner and my deployment process safer. I now let Azure handle all my runtime secrets, and only use .env for local work.
If you’re building Flask apps and deploying on Azure, I highly recommend you take a few minutes to explore Application settings inside App Service—it’s a best practice that makes a real difference.
Have questions about Flask + Azure secrets or need a config template? Let’s connect.