110
CHAPTER 5 | Designing and Developing Multi-Container and Microservice-Based .NET Applications
The docker-compose.yml files at the solution level are not only more flexible than configuration files
at the project or microservice level, but also more secure if you override the environment variables
declared at the docker-compose files with values set from your deployment tools, like from Azure
DevOps Services Docker deployment tasks.
Finally, you can get that value from your code by using
builder.Configuration\["ConnectionString"\]
, as shown in an earlier code example.
However, for production environments, you might want to explore additional ways on how to store
secrets like the connection strings. An excellent way to manage application secrets is using
Azure Key
Vault
.
Azure Key Vault helps to store and safeguard cryptographic keys and secrets used by your cloud
applications and services. A secret is anything you want to keep strict control of, like API keys,
connection strings, passwords, etc. and strict control includes usage logging, setting expiration,
managing access,
among others
.
Azure Key Vault allows a detailed control level of the application secrets usage without the need to let
anyone know them. The secrets can even be rotated for enhanced security without disrupting
development or operations.
Applications have to be registered in the organization’s Active Directory, so they can use the Key
Vault.
You can check the
Key Vault Concepts documentation
for more details.
Dostları ilə paylaş: