Merge pull request #304445 from MicrosoftDocs/main

PhilKang0704 · web-flow · commit b157714810b2 · 2025-08-20T13:36:58.000+08:00
8/20/2025 11:00 AM IST Publish
diff --git a/articles/azure-app-configuration/configuration-provider-overview.md b/articles/azure-app-configuration/configuration-provider-overview.md
@@ -54,9 +54,10 @@ Dynamic Refresh (Poll Mode) | [GA](./reference-dotnet-provider.md#refresh-on-sen
 Dynamic Refresh (Push Mode) | GA | GA | N/A | N/A | N/A | N/A
 Dynamic Refresh (Collection Monitoring) | [GA](./reference-dotnet-provider.md#configuration-refresh) | WIP | GA | WIP | [GA](./reference-javascript-provider.md#configuration-refresh) | GA
 JSON Content Type Handling | [GA](./reference-dotnet-provider.md#json-content-type-handling) | GA | GA | GA | [GA](./reference-javascript-provider.md#json-content-type-handling) | GA
+JSON with Comments | WIP | WIP | WIP | WIP | [GA](./reference-javascript-provider.md#json-content-type-handling) | WIP
 Configuration Setting Mapping | [GA](./reference-dotnet-provider.md#configuration-setting-mapping) | N/A | N/A | N/A | N/A | N/A
 Key Vault References | [GA](./reference-dotnet-provider.md#key-vault-reference) | GA | GA | GA | [GA](./reference-javascript-provider.md#key-vault-reference) | GA
-Key Vault Secret Refresh | [GA](./reference-dotnet-provider.md#key-vault-secret-refresh) | N/A | GA | WIP | WIP | GA
+Key Vault Secret Refresh | [GA](./reference-dotnet-provider.md#key-vault-secret-refresh) | WIP | GA | WIP | [GA](./reference-javascript-provider.md#key-vault-secret-refresh) | GA
 Custom Key Vault Secret Resolution | [GA](./reference-dotnet-provider.md#key-vault-reference) | GA | GA | GA | [GA](./reference-javascript-provider.md#key-vault-reference) | GA
 Parallel Secret Resolution | WIP | N/A | WIP | N/A | [GA](./reference-javascript-provider.md#parallel-secret-resolution) | GA
 Feature Flags | [GA](./reference-dotnet-provider.md#feature-flag) | GA | GA | GA | [GA](./reference-javascript-provider.md#feature-flag) | GA
@@ -69,8 +70,8 @@ Replica Failover | [GA](./reference-dotnet-provider.md#geo-replication) | GA | G
 Replica Load Balancing | [GA](./reference-dotnet-provider.md#geo-replication) | WIP | GA | GA | [GA](./reference-javascript-provider.md#geo-replication) | WIP
 Snapshots | [GA](./reference-dotnet-provider.md#snapshot) | GA | GA | WIP | [GA](./reference-javascript-provider.md#snapshot) | WIP
 Distributed Tracing | [GA](./reference-dotnet-provider.md#distributed-tracing) | WIP | WIP | WIP | WIP | WIP
-Health Check | [GA](./reference-dotnet-provider.md#health-check) | WIP | WIP | WIP | WIP | WIP 
-Select by Tag Filters | [GA](./reference-dotnet-provider.md#load-specific-key-values-using-selectors) | WIP | WIP | GA | WIP | WIP 
+Health Check | [GA](./reference-dotnet-provider.md#health-check) | GA | WIP | WIP | WIP | WIP 
+Select by Tag Filters | [GA](./reference-dotnet-provider.md#load-specific-key-values-using-selectors) | WIP | WIP | GA | [GA](./reference-javascript-provider.md#tag-filters) | WIP 
 
 ## Support policy
 
diff --git a/articles/azure-app-configuration/reference-javascript-provider.md b/articles/azure-app-configuration/reference-javascript-provider.md
@@ -138,6 +138,9 @@ const appConfig = await load(endpoint, credential);
 const { size, color } = appConfig.get("font");
 ```
 
+> [!NOTE]
+> Starting with version *2.2.0* of `@azure/app-configuration-provider`, the configuration provider can properly recognize JSON with comments([JSONC](https://jsonc.org/)) and convert it into object.
+
 ### Load specific key-values using selectors
 
 By default, the `load` method will load all configurations with no label from the configuration store. You can configure the behavior of the `load` method through the optional parameter of [`AzureAppConfigurationOptions`](https://github.com/Azure/AppConfiguration-JavaScriptProvider/blob/main/src/AzureAppConfigurationOptions.ts) type.
@@ -151,8 +154,9 @@ const appConfig = await load(endpoint, credential, {
             keyFilter: "app1.*",
             labelFilter: "test"
         },
-        { // load the subset of keys starting with "dev" label"
-            labelFilter: "dev*"
+        { // load the subset of keys with "dev" label"
+            keyFilter: "*",
+            labelFilter: "dev"
         }
     ]
 });
@@ -161,6 +165,29 @@ const appConfig = await load(endpoint, credential, {
 > [!NOTE]
 > Key-values are loaded in the order in which the selectors are listed. If multiple selectors retrieve key-values with the same key, the value from the last one will override any previously loaded value.
 
+#### Tag filters
+
+The tag filters parameter selects key-values with specific tags. A key-value is only loaded if it has all of the tags and corresponding values specified in the filters.
+
+```typescript
+const appConfig = await load(endpoint, credential, {
+    selectors: [
+        { // load the subset of keys with "test" label" and three tags
+            keyFilter: "*",
+            labelFilter: "test",
+            tagFilters: [
+                "emptyTag=",
+                "nullTag=\0",
+                "tag1=value1"
+            ]
+        }
+    ]
+});
+```
+
+> [!NOTE]
+> The characters asterisk (`*`), comma (`,`), and backslash (`\`) are reserved and must be escaped with a backslash when used in a tag filter.
+
 ### Trim prefix from keys
 
 You can trim the prefix off of keys by providing a list of trimmed key prefixes to the `AzureAppConfigurationOptions.trimKeyPrefixes` property.
@@ -391,6 +418,26 @@ const appConfig = await load(endpoint, credential, {
 > When resolving secret in parallel, you may encounter the [service limit](/azure/key-vault/general/service-limits#secrets-managed-storage-account-keys-and-vault-transactions) of Azure Key Vault.
 > To handle throttling effectively, implement the [client-side throttling best practices](/azure/key-vault/general/overview-throttling#how-to-throttle-your-app-in-response-to-service-limits) by configuring appropriate retry options for the `SecretClient`. You can either register custom `SecretClient` instances or configure `clientOptions` via the `AzureAppConfigurationOptions.keyVaultOptions`.
 
+### Key Vault secret refresh
+
+Azure App Configuration enables you to configure secret refresh intervals independently of your configuration refresh cycle. This is crucial for security because while the Key Vault reference URI in App Configuration remains unchanged, the underlying secret in Key Vault might be rotated as part of your security practices.
+
+To ensure your application always uses the most current secret values, configure the `secretRefreshIntervalInMs` property in `KeyVaultOptions`. This forces the provider to retrieve fresh secret values from Key Vault when:
+
+- Your application calls `AzureAppConfiguration.refresh`
+- The configured refresh interval for the secret has elapsed
+
+This mechanism works even when no changes are detected in your App Configuration store, ensuring your application stays in sync with rotated secrets.
+
+```typescript
+const credential = new DefaultAzureCredential();
+const appConfig = await load(endpoint, credential, {
+    keyVaultOptions: {
+        credential: credential,
+        secretRefreshIntervalInMs: 7200_000 // 2 hours
+    }
+});
+```
 
 ## Snapshot
 
