Bob Crowley

Information & Communications Technology

.net .net core ASP.NET Visual Studio / .NET SQL Server Data Tools sql server Power Apps Power Automate Microsoft Teams

Portland, Maine, United States

Keeping Configuration Secrets Out Of Source Code

Keeping secrets safe and out of source code has always been challenging. De-coupling sensitive information like connection strings, certificates and passwords keeps these secrets out of source control where it is all to easy to expose them unintentionally.
This session focuses mostly on .Net Core Configuration and also provides an overview of how to leverage Azure App Service Settings, KeyVault and Managed Identities for Azure Resources to help alleviate this long-standing problem. Additionally we will see how to consume configuration even when you, the developer, don't have access to production secrets.
Demonstrated are three application scenarios - A non-Azure-hosted app, An Azure-hosted app and local debugging.
Time permitting, we will also see some techniques for managing secrets in full-framework applications that typically rely on web.config files.
This presentation gives you the basic knowledge to keep secrets out of source code while still assuring correct production configuration.

This session has been well received: https://twitter.com/hutchcodes/status/1112496377009979394


Bob Crowley

Sr. Software Developer, .Net

Bob Crowley is a Senior Software Developer in Portland Maine where he builds solutions in the .Net and Azure ecosystems. He has been writing bugs for over 17 years, mostly in the financial industry despite (or because?) still not knowing the difference between a debit and a credit.

In his free time he likes to make the most of both weeks of Maine's summer out on the water either in a kayak or saltwater fishing.

Find Bob on twitter @contrivedex and see his occasional ramblings on contrivedexample.com.

Bob's full speaker profile