Recently stored our projects connection strings via Azure Key vault and retrieve them with the Azure key vault config builder for our local builds. This lets us get rid of of our connection string in our source control repo. A fellow dev told me I should look into encrypting with ASP.NET IIS_Reg as it's the "de facto standard" for web.config secret encryption. I can't really find any doc that compares these two techniques. Is it possible/ Would it be redundant to try and use both? Can they be used in tandem?
CodePudding user response:
If you are using Azure Key Vault today, then I would continue to do so, as that is a more future-proof approach than encrypting things in web.config. Especially if you later want to migrate to .NET Core, then your can still keep using AKV.
Encrypting things in web.config is just a pain to administrate. With AKV you can version your secrets and you can better control who has access to what.