Azure key vault and local development

Question

We currently use the Azure key vault product to secure our database credentials for an app hosted in Azure. For local development, we still use the appsettings.json file to store our database credentials, which results in extra logic in our app to get database credentials from different places based on our environment (development or production). Is this the right approach or should we just get our test credentials from the key vault regardless of the environment? Since getting to the key vault requires some extra http calls to Azure we figured that we would avoid the extra cost where possible. Any thought on this?

Answer 1

Personally i use a secrets.json file for local development, since it's part of the configuration environment just like appsettings.json, and easily accessed in visual studio with Manage User Secrets, but is stored with the user and thus not in source control by default

I think you should at least switch to using a secrets.json for the database credentials, but using the azure key vault is definitely more secure. The added cost of using azure key vault in dev too shouldn't matter compared to the prod cost

Answer 2

Since you have dev non prod environment I would not care much, since main idea of keyvault is to get properties.

In my development Java usually for local development I have properties in config file then when as soon as we deploy to azure we switch on Key vault, its not much about cost its also about flexibility I want to be able to develop offline.