Hi, 

I'd like to store sensitive configuration information such as my client's payment provider api key's in an Azure key within the same Azure tenant as my Episerver DXC web applications. 

The simplest way for me to accomplish this past web projects has been to leverage a custom configuration builder on the app settings that fetches them from the key vault.

https://jeffreyfritz.com/2017/11/modern-configuration-for-asp-net-4-7-1-with-configurationbuilders/ 

I would then enable Managed identity on my web app and grant it get access only to the secrets. 

https://azure.microsoft.com/en-us/resources/samples/app-service-msi-keyvault-dotnet/

Is that a scenario that can be enabled in Episerver DXC?