Home > database >  Why I need to store my ASP.NET service configuration in Azure Key Vault
Why I need to store my ASP.NET service configuration in Azure Key Vault

Time:12-06

There is a feature in the ASP.NET Core, that allows you to store sensitive configuration keys in the Azure Key Vault as Secrets.

However, I can't see any attack scenario, in which this will help to protect my configuration values.

If my server that hosts service is compromised and someone has access to it, then he easily can access Azure Key Vault secrets, using the identity of this compromised machine.

It makes no sense to me, and I think that I'm missing the concept of this feature itself.

CodePudding user response:

According to the documentation:

Common scenarios for using Azure Key Vault with ASP.NET Core apps include:

  • Controlling access to sensitive configuration data.

  • Meeting the requirement for FIPS 140-2 Level 2 validated Hardware Security Modules(HSMs) when storing configuration data.

In my personal opinion, this is more like a environment variables scenario where you don't want the variables sitting in a git where any employee can see or is an open source project or even a public project.

  • Related