Keeping Configuration Secrets Out Of Source Code

Keeping secrets safe and out of source code has always been challenging. De-coupling sensitive information like connection strings, certificates and passwords keeps these secrets out of source control where it is all to easy to expose them unintentionally. This session focuses mostly on .Net Core Configuration and also provides an overview of how to leverage Azure App Service Settings, KeyVault and Managed Identities for Azure Resources to help alleviate this long-standing problem. Additionally we will see how to consume configuration even when you, the developer, don't have access to production secrets. Demonstrated are three application scenarios - A non-Azure-hosted app, An Azure-hosted app and local debugging. Time permitting, we will also see some techniques for managing secrets in full-framework applications that typically rely on web.config files. This presentation gives you the basic knowledge to keep secrets out of source code while still assuring correct production configuration.