Stop putting secrets in config files. Azure Key Vault centralizes secret management with proper access control and auditing.
Create Key Vault
az keyvault create --name myappkv --resource-group myapp-rg --location westeurope
Add Secrets
az keyvault secret set --vault-name myappkv --name "DatabasePassword" --value "secret123"
Access from .NET
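// In Program.cs (needs the Azure.Identity and
// Azure.Extensions.AspNetCore.Configuration.Secrets packages)
using Azure.Identity;

var builder = WebApplication.CreateBuilder(args);

// Load Key Vault secrets into the configuration system
builder.Configuration.AddAzureKeyVault(
    new Uri("https://myappkv.vault.azure.net/"),
    new DefaultAzureCredential()
);
// Access as config
var password = builder.Configuration["DatabasePassword"];
Best Practices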
- Use Managed Identity for Azure services
- Enable soft-delete and purge protection
- Rotate secrets regularly
- Audit access logs
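A way to check the soft-delete, purge protection and rotation items above, written as an added example that is not part of the original post. It assumes the JSON shape printed by `az keyvault show` and `az keyvault secret list`; the sample data, the 90-day threshold and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data shaped like the JSON printed by `az keyvault show`
# and `az keyvault secret list`; all values are made up for this example.
VAULT_JSON = """{"name": "myappkv", "properties": {
  "enableSoftDelete": true, "enablePurgeProtection": null}}"""
SECRETS_JSON = """[
  {"name": "DatabasePassword", "attributes": {"enabled": true,
    "updated": "2023-01-10T00:00:00+00:00", "expires": null}},
  {"name": "ApiKey", "attributes": {"enabled": true,
    "updated": "2024-05-20T00:00:00+00:00",
    "expires": "2024-08-20T00:00:00+00:00"}}
]"""
MAX_SECRET_AGE = timedelta(days=90)  # assumed rotation policy, not from the page

def audit_vault(vault):
    """Return findings for the vault-level deletion protections."""
    props = vault.get("properties", {})
    findings = []
    # Unset flags are reported as null, so anything but True counts as off.
    if props.get("enableSoftDelete") is not True:
        findings.append("soft-delete is not enabled")
    if props.get("enablePurgeProtection") is not True:
        findings.append("purge protection is not enabled")
    return findings

def audit_secrets(secrets, now):
    """Return findings for enabled secrets that are stale or never expire."""
    findings = []
    for secret in secrets:
        attrs = secret.get("attributes", {})
        if not attrs.get("enabled"):
            continue  # disabled secrets cannot be read, skip them
        age = now - datetime.fromisoformat(attrs["updated"])
        if age > MAX_SECRET_AGE:
            findings.append(f"{secret['name']}: not rotated in {age.days} days")
        if attrs.get("expires") is None:
            findings.append(f"{secret['name']}: no expiry date set")
    return findings

def run_audit(now):
    """Audit the embedded sample vault and secret list as of `now`."""
    vault, secrets = json.loads(VAULT_JSON), json.loads(SECRETS_JSON)
    return audit_vault(vault) + audit_secrets(secrets, now)

if __name__ == "__main__":
    for finding in run_audit(datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print("FINDING:", finding)
```

To run it against a real vault, replace the embedded strings with the saved output of the two `az` commands.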