Azure Key Vault provides a secure way to store and access secrets in ASP.NET Core applications running on App Service or Azure Functions. To use Azure Key Vault with an ASP.NET Core app, developers can add specific NuGet packages, get the URL of the Vault, create their client ID and secret, connect to the vault, and read settings. However, this process is not trivial and requires several steps. A simpler way to consume secrets from Key Vault is by using Azure Key Vault references, which allows referencing secrets directly in app settings without changing code. To use Azure Key Vault references, developers need to create a Key Vault, add a secret (connection string) to it, get the "reference" of their secret, and then configure the access policy for the App Service to access the Key Vault. The process also requires creating a system-assigned identity for the App Service to access the Key Vault securely. Once everything is set up, developers can reference secrets from Key Vault directly in app settings without changing code. However, there are limitations to using Azure Key Vault references, such as requiring the use of the whole secret URL with the version at the end and being still in preview.