使用 Azure KeyVault 存储连接字符串与使用 ASP.net IIS_Reg 加密之间有什么区别?
[英]What is the difference between connection string storage with Azure KeyVault and encryption with ASP.net IIS_Reg?
问题描述
Recently stored our projects connection strings via Azure Key vault and retrieve them with the Azure key vault config builder for our local builds.
最近通过 Azure Key Vault 存储了我们的项目连接字符串,并使用 Azure Key Vault 配置生成器为我们的本地构建检索它们。 This lets us get rid of of our connection string in our source control repo.这让我们可以摆脱源代码控制存储库中的连接字符串。 A fellow dev told me I should look into encrypting with ASP.NET IIS_Reg as it's the "de facto standard" for web.config secret encryption.一位开发人员告诉我,我应该考虑使用 ASP.NET IIS_Reg 进行加密,因为它是 web.config 秘密加密的“事实上的标准”。 I can't really find any doc that compares these two techniques.我真的找不到任何比较这两种技术的文档。 Is it possible/ Would it be redundant to try and use both?是否可能/尝试同时使用两者是否多余? Can they be used in tandem?它们可以串联使用吗?
1 个解决方案
解决方案1
1 2021-11-12 15:58:08
If you are using Azure Key Vault today, then I would continue to do so, as that is a more future-proof approach than encrypting things in web.config.如果您今天正在使用Azure Key Vault ,那么我会继续这样做,因为与在 web.config 中加密内容相比,这是一种更具前瞻性的方法。 Especially if you later want to migrate to .NET Core, then your can still keep using AKV.特别是如果您以后想要迁移到 .NET Core,那么您仍然可以继续使用 AKV。
Encrypting things in web.config is just a pain to administrate.在web.config 中加密东西只是管理起来很痛苦。 With AKV you can version your secrets and you can better control who has access to what.使用 AKV,您可以对您的秘密进行版本控制,并且可以更好地控制谁可以访问什么。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.