I'm building a web application using .NET Core MVC. For local development, using Secrets.json works perfectly, but I know that's not a good practice for a production environment. Once I deploy my app on Azure, should I invest in Azure Key Vault to manage sensitive data like OAuth2 client IDs and AES encryption keys, or can I safely keep that information in the app's environment variables? I'm quite new to Azure, so any advice—no matter how basic—would be really appreciated!
5 Answers
While environment variables are secure, they aren’t the best solution for sensitive data storage. Definitely worth considering the advantages of using Key Vault instead. You could have a chat with AI tools like Claude or ChatGPT to learn even more about this!
If you have multiple apps or microservices, Key Vault makes sharing credentials a breeze. It really simplifies access management across your services.
I'd steer clear of solely using environment variables for secrets. If you're managing them across multiple applications, security, versioning, and expiration are critical. Setting up Key Vault from the beginning can help implement good practices. Sure, if it’s just you, you might use environment variables short term, but you'll regret it later when you have to rotate them! Just remember not to hardcode them into version control or share them in templates.
It's definitely a good idea to use Key Vault. While it might seem like an extra cost, it's super cheap, with around $3 for a million calls. Loading your secrets into memory at the app start means you won't feel the pinch of the cost. Plus, managing your secrets through Key Vault keeps things secure and efficient.
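To make the "load your secrets into memory at app start" point concrete, here is an added example of how an ASP.NET Core app can keep using secrets.json locally and read the same keys from Key Vault once deployed. This is illustration code written for this thread, not code from any of the answerers. It assumes the NuGet packages Azure.Identity and Azure.Extensions.AspNetCore.Configuration.Secrets are referenced, that the App Service has a managed identity with secret get/list permission on the vault, and that a configuration setting named `KeyVault:VaultUri` (a name chosen for this example) holds the vault URL. The option class names and secret names are likewise made up for the example.

```csharp
// Program.cs - added example, not from the original thread.
// Assumed packages: Azure.Identity, Azure.Extensions.AspNetCore.Configuration.Secrets.
// Assumed setting: "KeyVault:VaultUri" in appsettings.json or an App Service setting.
using Azure.Identity;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

// In Development, CreateBuilder already loads user secrets (secrets.json).
// Outside Development, layer Key Vault on top so its values win over appsettings.json.
if (!builder.Environment.IsDevelopment())
{
    var vaultUri = builder.Configuration["KeyVault:VaultUri"]
        ?? throw new InvalidOperationException("KeyVault:VaultUri is not configured.");

    // DefaultAzureCredential picks up the App Service managed identity in Azure,
    // so no credential for the vault itself has to be stored anywhere.
    builder.Configuration.AddAzureKeyVault(new Uri(vaultUri), new DefaultAzureCredential());
}

// Key Vault secret names cannot contain ':', so a vault secret named "OAuth--ClientId"
// surfaces as "OAuth:ClientId", the same hierarchy secrets.json uses locally.
// Binding once at startup means the values sit in memory and are not re-fetched per request.
builder.Services.AddOptions<OAuthOptions>()
    .Bind(builder.Configuration.GetSection("OAuth"))
    .Validate(o => !string.IsNullOrWhiteSpace(o.ClientId), "OAuth:ClientId is missing")
    .Validate(o => !string.IsNullOrWhiteSpace(o.ClientSecret), "OAuth:ClientSecret is missing")
    .ValidateOnStart();   // fail fast at startup instead of on the first request

builder.Services.AddOptions<CryptoOptions>()
    .Bind(builder.Configuration.GetSection("Crypto"))
    .Validate(o => o.TryGetKey(out var key) && key.Length is 16 or 24 or 32,
              "Crypto:AesKeyBase64 must be base64 and decode to a 128/192/256-bit key")
    .ValidateOnStart();

builder.Services.AddControllersWithViews();

var app = builder.Build();
app.MapDefaultControllerRoute();
app.Run();

// Strongly typed options: controllers inject IOptions<OAuthOptions> rather than
// reading raw configuration strings.
public sealed class OAuthOptions
{
    public string ClientId { get; set; } = "";
    public string ClientSecret { get; set; } = "";
}

public sealed class CryptoOptions
{
    // The AES key is stored in the vault as base64 text (vault secret "Crypto--AesKeyBase64").
    public string AesKeyBase64 { get; set; } = "";

    // Decode defensively so a malformed value is reported as a validation error,
    // not as an unhandled FormatException.
    public bool TryGetKey(out byte[] key)
    {
        try
        {
            key = Convert.FromBase64String(AesKeyBase64);
            return true;
        }
        catch (FormatException)
        {
            key = Array.Empty<byte>();
            return false;
        }
    }
}
```

The Key Vault configuration provider reads every secret once when the app starts (a reload interval can be configured if you want rotation picked up without a restart), which is why the per-call pricing mentioned above stays negligible. Because the vault is accessed with the managed identity, the only value that ever lives in an App Service setting is the vault URL, not a credential.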
This isn’t a dumb question at all! There are various options for storing your secrets, but each has its own security risks. Utilizing AppSettings can work, as they are encrypted at rest when using Azure. It should make transitioning from local development to Azure easy.

Absolutely! It's surprising how some folks want to save a few bucks on something as critical as security. My workplace relies heavily on Key Vault, and we find it works seamlessly.