Currently, I'm storing all key/value pairs in Application Settings, but I'm not happy with this approach. What is the recommended way to store settings for dev, test, stage, and prod? I need to make sure that prod settings are not visible to developers. Is there a way to create 4 different JSON files and define access permissions on them? Or do I need to create 4 different Function apps (or subscriptions)?
Asked
Active
Viewed 293 times
3
-
Two points, maybe that can satisfied your requirements. First, use [deployment solt](https://i.stack.imgur.com/Lk1zk.png), then you can have dev, test... settings. Second, put azure keyvault in app settings but forbid developers to access keyvault. What I mean is that you only give the developer keyvault, but he can't know the specific value. – Cindy Pau Jul 24 '20 at 02:13
-
Key Vault is the good to store secrets or app settings in fact you can create different key vault for Dev/QA/Prod and give access to specific person. – Naveen Kumar Jul 24 '20 at 04:30
1 Answers
3
Azure App Configuration is a relatively new service that sounds like it could help in terms of managing the config values centrally with more control than individual instance App Settings.
Beyond that, you could perhaps build segregation by limiting devs to pushing code only and not accessing the hosting environment (Azure portal, etc). The layer in between would be something like Azure DevOps or Github Actions that has access to Azure, while devs are limited to pushing code that triggers deployment.
Also worth reminding ourselves that devs ultimately have a lot of access by virtue of writing the code. If they want to get at runtime data, they can, somehow. If you consider the devs untrusted, you may have bigger problems. If it's just a matter of preventing mistakes, a solid devops process is the key.
Noah Stahl
- 6,905
- 5
- 25
- 36
-
Considering what happened with the recent Twitter hack, I'd say trusting people is not enough. I'll check out AAC. Never heard of it before. Thanks. – user246392 Jul 24 '20 at 13:36