You have an application that includes an Azure Web app and several Azure Function apps. Application secrets including connection strings and certificates are stored in Azure Key Vault. Secrets must not be stored in the application or application runtime environment. Changes to Microsoft Entra ID must be minimized. You need to design the approach to loading application secrets. What should you do?