I plan to build a REST API in Azure connecting to SQL Azure as a backend repo. How do I secure the database connectivity credentials between the API and DB?
Are the more than one option available to accomplish this?
Add a comment
|
1 Answer
The first option would be to use azure keyvault https://azure.microsoft.com/en-us/documentation/articles/key-vault-developers-guide/#coding-with-key-vault
The connection string would be stored in the keyvault and in the application you would call the keyvault api to get the secret and the connectionstring value would be provided to the application at runtime. Even if anyone got access to your azure subscription they can still not get access to the data stored in the vault.
In general the best option is to not store any important or confidential data in the config files. as it may get to the wrong hands and might accidentally be uploaded to github etc ( if u make the code open source) .
other option azure web apps provide you is to store these values as part of app settings which would be made available to application at runtime .
