Keeping Configuration Secrets Out Of Source Code

Keeping secrets safe and out of source code has always been challenging. De-coupling sensitive information like connection strings, certificates and passwords keeps these secrets out of source control where it is all to easy to expose them unintentionally.
This session focuses mostly on .NET Configuration and also provides an overview of how to leverage Azure App Service Settings, KeyVault and Managed Identities for Azure Resources to help alleviate this long-standing problem. Additionally we will see how to consume configuration even when you, the developer, don't have access to production secrets.
Demonstrated are three application scenarios - A non-Azure-hosted app, An Azure-hosted app and local debugging.
This presentation gives you the basic knowledge to keep secrets out of source code while still assuring correct production configuration.

Presented at Code Camp NYC 2019 and Vermont Code Camp 11

Bob Crowley

Software Engineer, .NET

Portland, Maine, United States

View Speaker Profile