Summary

• New article 5.9-azure-key-vault-secrets.md covering two Key Vault use cases for the Talent Management project
• Add 5.9 entry to SERIES-NAVIGATION-TOC.md

Article covers

Part 1 — App Service Key Vault references (zero code changes):

• Secret naming convention (double-hyphen maps to colon in .NET config)
• az keyvault secret set for all project secrets
• @Microsoft.KeyVault(SecretUri=...) syntax in App Service settings
• Verifying green check in the Portal
• Updating GitHub Actions workflows to use KV references instead of raw secret values

Part 2 — .NET code:

• NuGet packages: Azure.Identity, Azure.Security.KeyVault.Secrets, Azure.Extensions.AspNetCore.Configuration.Secrets
• AddAzureKeyVault() in Program.cs — wires all KV secrets into IConfiguration
• DefaultAzureCredential — works with az login locally, managed identity in production
• SecretClient for on-demand secret fetching
• dotnet user-secrets for local dev, Key Vault for production
• When to use each approach (comparison table)