Mail configuration for Ghost on Azure with SendGrid

In the last post, I described how to install and update Ghost on Azure. The next step is to configure SMTP settings to allow Ghost to send mails. The easiest solution is to use SendGrid, since both Ghost and Azure embrace it.
On the Azure side, SendGrid is already included in the new portal, you don't have to install it from the Marketplace anymore. Just search for it in the global search bar.

Create an account using the Free pricing tier if you don't expect to send more than 25k emails/month. A username is generated and is accessible in the Configurations blade of the SendGrid account you just created. It should be like azure_[alphanumeric-string]
On the Ghost side, SendGrid is already baked in, and you can easily find guidance on how to setup it. The official documentation also provides informations to setup others Email services. The problem is, in each case, the username and the password are stored directly in the config.js file, which is, for various reasons, not the best place to store secrets.
A more elegant way to configure this on Azure is to use the Application settings of the Web App.

Add the three following keys

emailUsername = [SendGrid_UserName]  
emailPassword = [SendGrid_Password]  
emailService = Sendgrid  

Don't forget to click Save.
Next, we can configure the config.js file to use those variables in the production environment, which are automatically made available as environment variables by Azure.

    production: {
        url: websiteUrl,
        urlSSL: websiteUrlSSL,

        // Visit for instructions
        mail: {
         transport: 'SMTP',
         options: {
             service: process.env.emailService,
             auth: {
                 user: process.env.emailUsername, // sendgrid username
                 pass: process.env.emailPassword  // sendgrid password

Your blog should now be ready to send mails, without exposing anything in the configuration files.