Skip to main content
Bifrost integrates with Azure Key Vault for secret management in Microsoft cloud environments, allowing you to store provider API keys and virtual keys in your Azure infrastructure and automatically sync them into Bifrost.

Configuration

Add a vault block to your Bifrost configuration to connect to Azure Key Vault: 
{
  "vault": {
    "type": "azure_key_vault",
    "vault_url": "https://your-keyvault.vault.azure.net/",
    "client_id": "${AZURE_CLIENT_ID}",
    "client_secret": "${AZURE_CLIENT_SECRET}",
    "tenant_id": "${AZURE_TENANT_ID}",
    "sync_interval": "300s"
  }
}

Configuration Fields

FieldTypeDescription
typestringMust be set to "azure_key_vault" to use Azure Key Vault.
vault_urlstringThe full URL of your Azure Key Vault instance (e.g., "https://your-keyvault.vault.azure.net/").
client_idstringAzure AD application (client) ID for authentication. Supports environment variable interpolation via ${AZURE_CLIENT_ID}.
client_secretstringAzure AD client secret for authentication. Supports environment variable interpolation via ${AZURE_CLIENT_SECRET}.
tenant_idstringAzure AD tenant ID for authentication. Supports environment variable interpolation via ${AZURE_TENANT_ID}.
sync_intervalstringHow often Bifrost syncs keys from Azure Key Vault. Accepts duration strings such as "300s", "5m", or "1h".
The sync_interval field controls how frequently Bifrost polls your vault for key changes. Lower intervals detect changes faster but increase load on your vault server. See the Vault Support page for full sync configuration options including sync_paths and auto_deprecate.
For key synchronization, deprecation management, and security configuration, see Vault Support.