You are deploying a microservices application to Azure Kubernetes Service (AKS). One service needs to retrieve configuration values from Azure App Configuration. The configuration includes sensitive values that must be stored in Azure Key Vault. The solution should not require application code changes to reference Key Vault. What should you use?
Key Vault references are resolved by App Configuration automatically.
Why this answer
Azure App Configuration has a Key Vault references feature that allows you to store references to secrets in Key Vault. The application retrieves configuration normally, and App Configuration resolves the reference by fetching the secret from Key Vault. Option A is correct.
Option B is incorrect because direct Key Vault SDK calls require code changes. Option C is incorrect because Kubernetes Secrets do not integrate with Key Vault natively. Option D is incorrect because managed identity alone does not automatically resolve references.