diff --git a/Extensions/KeyVaultConfigurationExtensions.cs b/Extensions/KeyVaultConfigurationExtensions.cs
new file mode 100644
index 0000000..9b3f7aa
--- /dev/null
+++ b/Extensions/KeyVaultConfigurationExtensions.cs
@@ -0,0 +1,28 @@
+using Azure.Extensions.AspNetCore.Configuration.Secrets;
+using Azure.Identity;
+
+namespace MyAccountPage
+{
+    public static class KeyVaultConfigurationExtensions
+    {
+
+        public static IConfigurationBuilder ConfigureAzureKeyVault(this WebApplicationBuilder builder)
+        {
+            var kvName = builder.Configuration["KeyVault:Name"];
+            if (string.IsNullOrWhiteSpace(kvName))
+                return builder.Configuration;
+
+            var kvPrefix = builder.Configuration["KeyVault:SecretsPrefix"];
+            var kvReloadIntervalInMinutes = builder.Configuration.GetValue<int>("KeyVault:ReloadIntervalInMinutes", default);
+
+            TimeSpan? kvReloadInterval = kvReloadIntervalInMinutes == default ? null : new TimeSpan(hours: 0, minutes: kvReloadIntervalInMinutes, seconds: 0);
+
+            var kvOptions = new AzureKeyVaultConfigurationOptions() { ReloadInterval = kvReloadInterval, Manager = new KeyVault.PrefixKeyVaultSecretManager(kvPrefix) };
+
+            return builder.Configuration.AddAzureKeyVault(
+                vaultUri: new Uri($"https://{kvName}.vault.azure.net/"),
+                credential: new ChainedTokenCredential(new DefaultAzureCredential()
+                ), kvOptions);
+        }
+    }
+}
diff --git a/KeyVault/PrefixKeyVaultSecretManager.cs b/KeyVault/PrefixKeyVaultSecretManager.cs
new file mode 100644
index 0000000..bdcb225
--- /dev/null
+++ b/KeyVault/PrefixKeyVaultSecretManager.cs
@@ -0,0 +1,30 @@
+using Azure.Extensions.AspNetCore.Configuration.Secrets;
+using Azure.Security.KeyVault.Secrets;
+using Microsoft.IdentityModel.Tokens;
+
+namespace KeyVault
+{
+    public class PrefixKeyVaultSecretManager : KeyVaultSecretManager
+    {
+        private readonly string _prefix;
+
+
+        public PrefixKeyVaultSecretManager(string? prefix)
+        {
+            prefix ??= string.Empty;
+            _prefix = prefix.IsNullOrEmpty() || prefix.EndsWith("--") ? prefix : $"{prefix}--";
+        }
+
+        public override bool Load(SecretProperties secret)
+        {
+            return secret.Name.StartsWith(_prefix, StringComparison.OrdinalIgnoreCase);
+        }
+
+        public override string GetKey(KeyVaultSecret secret)
+        {
+            return secret.Name
+                .Substring(_prefix.Length)
+                .Replace("--", ConfigurationPath.KeyDelimiter);
+        }
+    }
+}
diff --git a/MyAccountPage.csproj b/MyAccountPage.csproj
index 53c846e..03595f6 100644
--- a/MyAccountPage.csproj
+++ b/MyAccountPage.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk.Web">
+<Project Sdk="Microsoft.NET.Sdk.Web">
 
   <PropertyGroup>
     <TargetFramework>net6.0</TargetFramework>
@@ -7,11 +7,15 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.2.2" />
     <PackageReference Include="Microsoft.AspNetCore.Session" Version="2.2.0" />
     <PackageReference Include="Microsoft.Identity.Web" Version="2.5.0" />
     <PackageReference Include="Microsoft.Identity.Web.MicrosoftGraph" Version="2.5.0" />
     <PackageReference Include="Microsoft.Identity.Web.UI" Version="2.5.0" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.2" />
+
+    <PackageReference Include="Azure.Identity" Version="1.8.2" />
+    <PackageReference Include="Microsoft.Extensions.Configuration" Version="7.0.0" />
   </ItemGroup>
 
 </Project>
diff --git a/Program.cs b/Program.cs
index 4b265b5..69501ce 100644
--- a/Program.cs
+++ b/Program.cs
@@ -2,14 +2,13 @@
 using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Identity.Web;
 using Microsoft.Identity.Web.UI;
-using Microsoft.Extensions.DependencyInjection;
 using Microsoft.AspNetCore.Authentication.Cookies;
 using MyAccountPage;
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.Extensions.Options;
 
 var builder = WebApplication.CreateBuilder(args);
 
+builder.ConfigureAzureKeyVault();
+
 var initialScopes = builder.Configuration["MicrosoftGraph:Scopes"]?.Split(' ');
 
 // Add services to the container.
diff --git a/ReadmeFiles/Deployment.md b/ReadmeFiles/Deployment.md
index 119caf1..b11db01 100644
--- a/ReadmeFiles/Deployment.md
+++ b/ReadmeFiles/Deployment.md
@@ -196,6 +196,20 @@ And the last bit is your configuration for your Verified Employee credential and
     "Authority": "YOUR VC SERVICE AUTHORITY/DID"
   },
 ```
+
+If you want to add Azure Key Vault for storing secrets, add the following configuration section. 
+```
+"KeyVault": {
+  "Name": "YOUR KEYVAULT NAME",
+  "SecretsPrefix": "",
+  "ReloadIntervalInMinutes": 15
+},
+```
+The Name is the name of your key vault (not the full url).
+The secrets prefix is optional and can be used if you store multiple applications in the same key vault. 
+The reload interval is the interval in minutes the application will reload the secrets from the key vault. This is useful if you want to change the configuration without restarting the application.
+
+
 If you want to configure the app through web app configuration navigates to your created web app and select configuration on the left-hand side.
 
 ![Web Application Configuration](Images/WebApplicationConfiguration.png)
diff --git a/appsettings.json b/appsettings.json
index 813e5b3..694939f 100644
--- a/appsettings.json
+++ b/appsettings.json
@@ -50,6 +50,12 @@
     "Scopes": "user.read"
   },
 
+  "KeyVault": {
+    //"Name": "YOUR KEYVAULT NAME",
+    //"SecretsPrefix": "",
+    //"ReloadIntervalInMinutes": 15
+  },
+
   "Logging": {
     "LogLevel": {
       "Default": "Information",