1
votes

We currently use the Azure Key Vault product to secure our database credentials for an app hosted in Azure. For local development, we still use the appsettings.json file to store our database credentials, which results in extra logic in our app to get database credentials from different places based on our environment (development or production). Is this the right approach, or should we just get our test credentials from the key vault regardless of the environment? Since getting to the key vault requires some extra HTTP calls to Azure, we figured that we would avoid the extra cost where possible. Any thoughts on this?

2
Have you considered using Azure AD credentials instead of using database connection strings in your application? – Gaurav Mantri
"Since getting to the key vault requires some extra http calls to Azure we figured that we would avoid the extra cost where possible." This is a micro-optimization. You're talking about a handful of extra HTTP calls to the key vault, each of which takes a few milliseconds to complete and costs, if anything, thousandths of a cent. – Daniel Mann

2 Answers

2
votes

Personally, I use a secrets.json file for local development, since it's part of the configuration environment just like appsettings.json and is easily accessed in Visual Studio with Manage User Secrets, but it is stored with the user and thus not in source control by default.

I think you should at least switch to using a secrets.json for the database credentials, but using Azure Key Vault is definitely more secure. The added cost of using Azure Key Vault in dev too shouldn't matter compared to the prod cost.

1
votes

Since you have a dev (non-prod) environment, I would not care much, since the main idea of Key Vault is to get properties.

In my Java development, for local development I usually have properties in a config file; then, as soon as we deploy to Azure, we switch on Key Vault. It's not much about cost; it's also about flexibility. I want to be able to develop offline.
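
The layering both answers describe, written out as an added example (not code from any poster): an ASP.NET Core `Program.cs` that reads user secrets in Development and Key Vault elsewhere, so the rest of the app reads one configuration key and needs no per-environment branching. The key names `ConnectionStrings:AppDb` and `KeyVault:Uri` are assumptions, as is the use of the `Azure.Identity` and `Azure.Extensions.AspNetCore.Configuration.Secrets` packages.

```csharp
using Azure.Identity;                           // DefaultAzureCredential
using Microsoft.Extensions.Configuration.Json;  // JsonConfigurationProvider

// Assumed key name. Locally it is set with:
//   dotnet user-secrets set "ConnectionStrings:AppDb" "<dev connection string>"
// In Key Vault the same key is a secret named "ConnectionStrings--AppDb"
// (the provider maps "--" to ":").
const string DbKey = "ConnectionStrings:AppDb";

var builder = WebApplication.CreateBuilder(args);

if (builder.Environment.IsDevelopment())
{
    // secrets.json lives in the user profile, outside the repository,
    // so local development works offline and nothing is committed.
    builder.Configuration.AddUserSecrets<Program>(optional: true);
}
else
{
    // Only the vault URI (not a secret) is kept in appsettings.json.
    var vaultUri = builder.Configuration["KeyVault:Uri"]
        ?? throw new InvalidOperationException("KeyVault:Uri is not configured.");

    // Secrets are loaded once at startup; the credential resolves to the
    // app's managed identity when running in Azure.
    builder.Configuration.AddAzureKeyVault(new Uri(vaultUri), new DefaultAzureCredential());

    // Guard: the last provider that holds a key wins. If that provider is a
    // JSON file, a credential has leaked into appsettings*.json, so fail fast.
    var winner = ((IConfigurationRoot)builder.Configuration).Providers
        .Reverse()
        .FirstOrDefault(p => p.TryGet(DbKey, out _));
    if (winner is JsonConfigurationProvider)
        throw new InvalidOperationException(
            $"{DbKey} is supplied by a JSON file; move it to Key Vault.");
}

// From here on the code is identical in every environment.
var connectionString = builder.Configuration[DbKey]
    ?? throw new InvalidOperationException($"{DbKey} is missing.");

var app = builder.Build();
app.Run();
```

Because the Key Vault provider reads secrets when configuration is built, the HTTP calls mentioned in the question happen at startup rather than on each database access.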