The Lounge is rated Safe For Work. If you're about to post something inappropriate for a shared office environment, then don't post it. No ads, no abuse, and no programming questions. Trolling, (political, climate, religious or whatever) will result in your account being removed.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
Ok so I've registered my net core API and a client app with Azure AD, I now have lot's of keys and ids that I need to access my API from the client. All is working as expected. I can't help thinking I've created another problem. I need to put these keys somewhere accessible but secure. Any recommendations?
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
I was going to post that. I've used Key Vault years ago, and even without a wrapper to simplify things, I found it to be very straightforward to use (once you got past initial authentication, which you've obviously already figured out).
Docker / Kubernets Environment Variable via command line or secrets file. ( This require change in app as it needs to read that data from command line or secrets file. Welcome to world of microservices ! )
Zen and the art of software maintenance : rm -rf *
Maths is like love : a simple idea but it can get complicated.
If you're deploying the client to a Windows machine (as opposed to *nix), I'd use the Windows Credential Manager - that means you have to be able to get them out of there, but they are protected by DPAPI at least