2

I do understand the problem of "secrets" being embedded in a solution, either in code or data files because these get checked in to source control.

So there is the Secrets Manager Tool which works great I guess for development. But what if you go into production, say you publish your website to shared webhost. That means I would not use AZURE because it costs money.

Thus, out of the development scenario and production with Azure scenarios there is no way to use Secret Manager otherwise? What would be the best and easiest way to store and use secrets in production without Azure? I tried encryption in the past but I was looking for a more transparent implementation.

Lord of Scripts
  • 3,579
  • 5
  • 41
  • 62
  • What is your deployment scenario? Can you upload some `appsettings.production.json` after "main" deployment? – Dmitry Apr 21 '17 at 21:26
  • @Dmitry I guess I can upload anything. The question is how I can use the secrets approach in a production environment that is NOT using Azure, just my shared hosting environment. – Lord of Scripts Apr 21 '17 at 22:54
  • You can use it same was you use it in Azure - not using it :) "Secrets" are saved in windows user profile. Typically you have no access to user profile in Azure. If you are using environment variables or KeyVault - they are not about UserSecrets, they are about Options. – Dmitry Apr 21 '17 at 23:54
  • And is there a free tier for Key Vault/Options I can use for my web applications? I have been looking at it on Azure but it is not clear whether I will have to pay or not. – Lord of Scripts Apr 25 '17 at 15:16

0 Answers0