diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index e18a3aa..046068a 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -12,6 +12,9 @@
 }
 },
 "features": {
+ "ghcr.io/devcontainers/features/azure-cli:1": {
+ "version": "2.38"
+ },
 "ghcr.io/devcontainers/features/docker-from-docker:1": {
 "version": "20.10"
 },
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index d0663c2..680470c 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -4,6 +4,7 @@
 "formulahendry.dotnet-test-explorer",
 "ms-vscode.vscode-node-azure-pack",
 "ms-kubernetes-tools.vscode-kubernetes-tools",
- "redhat.vscode-yaml"
+ "redhat.vscode-yaml",
+ "ms-azuretools.azure-dev"
 ]
 }
\ No newline at end of file
diff --git a/infra/main.bicep b/infra/main.bicep
index 535ded5..bdf877a 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -56,8 +56,9 @@ module web './core/host/appservice.bicep' = {
 runtimeVersion: '6.0'
 tags: union(tags, { 'azd-service-name': 'web' })
 appSettings: {
- CATALOG_CONNECTION_STRING_VALUE: '${catalogDb.outputs.connectionString}; Password=${appUserPassword}'
- IDENTITY_CONNECTION_STRING_VALUE: '${identityDb.outputs.connectionString}; Password=${appUserPassword}'
+ CATALOG_CONNECTION_STRING_KEY: 'AZURE-SQL-CATALOG-CONNECTION-STRING'
+ IDENTITY_CONNECTION_STRING_KEY: 'AZURE-SQL-IDENTITY-CONNECTION-STRING'
+ KEY_VAULT_ENDPOINT: keyVault.outputs.endpoint
 }
 }
 }
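Review bot: Nothing in the `infra/main.bicep` hunk shows how the web app is authorised to read the two secrets it is now pointed at; `appSettings` carries only the vault endpoint and the secret names. If the app's identity and the vault's secret-read permission are set up in the `web` or `keyVault` modules outside this hunk, record that above `appSettings`, for example `// Connection strings live in Key Vault; the web app's identity needs read access to the two secrets named below`. If that wiring does not exist yet, the lookup at application start will presumably be refused by the vault. The `web` module begins before the hunk, so its other parameters are not visible here.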
@@ -120,5 +121,14 @@ module appServicePlan './core/host/appserviceplan.bicep' = { } } +// Data outputs +output AZURE_SQL_CATALOG_CONNECTION_STRING string = catalogDb.outputs.connectionStringKey +output AZURE_SQL_IDENTITY_CONNECTION_STRING string = identityDb.outputs.connectionStringKey +output AZURE_SQL_CATALOG_DATABASE_NAME string = catalogDb.outputs.databaseName +output AZURE_SQL_IDENTITY_DATABASE_NAME string = identityDb.outputs.databaseName + +// App outputs output AZURE_LOCATION string = location output AZURE_TENANT_ID string = tenant().tenantId +output AZURE_KEY_VAULT_ENDPOINT string = keyVault.outputs.endpoint +output AZURE_KEY_VAULT_NAME string = keyVault.outputs.name diff --git a/src/Infrastructure/Dependencies.cs b/src/Infrastructure/Dependencies.cs index d399531..ac319d2 100644 --- a/src/Infrastructure/Dependencies.cs +++ b/src/Infrastructure/Dependencies.cs @@ -3,6 +3,9 @@ using Microsoft.eShopWeb.Infrastructure.Data; using Microsoft.eShopWeb.Infrastructure.Identity; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; +using Azure.Security.KeyVault.Secrets; +using Azure.Identity; +using System; namespace Microsoft.eShopWeb.Infrastructure; @@ -11,6 +14,12 @@ public static class Dependencies public static void ConfigureServices(IConfiguration configuration, IServiceCollection services) { var useOnlyInMemoryDatabase = false; + string keyVaultUri = configuration["KEY_VAULT_ENDPOINT"]; + string catalogConnectionStringKey = configuration["AZURE-SQL-CATALOG-CONNECTION-STRING"]; + string identityConnectionStringKey = configuration["AZURE-SQL-IDENTITY-CONNECTION-STRING"]; + string catalogConnectionStringValue = GetSqlConnectString(keyVaultUri, catalogConnectionStringKey); + string identityConnectionStringValue = GetSqlConnectString(keyVaultUri, identityConnectionStringKey); + if (configuration["UseOnlyInMemoryDatabase"] != null) { useOnlyInMemoryDatabase = bool.Parse(configuration["UseOnlyInMemoryDatabase"]); 
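Review bot: The outputs `AZURE_SQL_CATALOG_CONNECTION_STRING` and `AZURE_SQL_IDENTITY_CONNECTION_STRING` are named like connection strings but are assigned `connectionStringKey`, which by its name is the Key Vault secret name rather than the value. Deployment outputs are kept in plain text in the deployment record, so a comment should stop a later edit from swapping in the real string. Under `// Data outputs` I would add `// Secret names only; the connection strings themselves stay in Key Vault`.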
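Review bot: `configuration["AZURE-SQL-CATALOG-CONNECTION-STRING"]` and the matching identity lookup in `ConfigureServices` use the secret names as configuration keys, whereas the `infra/main.bicep` hunk of this commit publishes those names under the settings `CATALOG_CONNECTION_STRING_KEY` and `IDENTITY_CONNECTION_STRING_KEY`. Unless another configuration source defines the hyphenated keys, both lookups return null and `GetSqlConnectString` hands back an empty connection string with no error. Reading `configuration["CATALOG_CONNECTION_STRING_KEY"]` and `configuration["IDENTITY_CONNECTION_STRING_KEY"]` would match the deployed settings. The two vault calls also sit before the `UseOnlyInMemoryDatabase` check, so an in-memory run still contacts Key Vault whenever the keys are set; moving them into the SQL Server branch avoids that. `ConfigureServices` continues past the end of the hunk.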
@@ -30,11 +39,24 @@ public static class Dependencies // Requires LocalDB which can be installed with SQL Server Express 2016 // https://www.microsoft.com/en-us/download/details.aspx?id=54284 services.AddDbContext(c => - c.UseSqlServer(configuration["CATALOG_CONNECTION_STRING_VALUE"])); + c.UseSqlServer(catalogConnectionStringValue)); // Add Identity DbContext services.AddDbContext(options => - options.UseSqlServer(configuration["IDENTITY_CONNECTION_STRING_VALUE"])); + options.UseSqlServer(identityConnectionStringValue)); } } + + public static string GetSqlConnectString(string keyVaultUri, string connectionStringKey) + { + if (connectionStringKey == null) + { + return ""; + } + + var secretClient = new SecretClient(new Uri(keyVaultUri), new ClientSecretCredential("","","")); + KeyVaultSecret secret = secretClient.GetSecret(connectionStringKey); + string secretValue = secret.Value; + return secretValue; + } } diff --git a/src/Infrastructure/Infrastructure.csproj b/src/Infrastructure/Infrastructure.csproj index a0be8bb..4c7a052 100644 --- a/src/Infrastructure/Infrastructure.csproj +++ b/src/Infrastructure/Infrastructure.csproj @@ -8,6 +8,8 @@ + +
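Review bot: `new ClientSecretCredential("","","")` in `GetSqlConnectString` passes an empty tenant, client id and secret, so it cannot authenticate as written, and filling in the blanks would put a service-principal secret into source control. `Azure.Identity` is already imported, so `var secretClient = new SecretClient(new Uri(keyVaultUri), new DefaultAzureCredential());` would use a managed identity in Azure (if one is assigned to the app) and the developer's own sign-in locally. The early `return "";` for a missing key turns a configuration error into an empty string handed to `UseSqlServer`. Throwing an `InvalidOperationException` that names the missing setting would surface the problem at startup, and `keyVaultUri` deserves the same null check before `new Uri(keyVaultUri)`.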