问题
SQL azure connection strings always include a password (as Azure SQL Server doesn't support OS authentication) which makes it unsafe to keep them in web.config files. A typical recommendation you can find on the net is to move them to cloud configuration settings which means declaring a setting in ServiceDefinition/WebRole/ConfigurationSettings section of ServiceDefinition.csdef file so that you can edit them in the portal:
The problem with this approach is whenever you re-deploy your site the settings you set in the portal get overriden with what values are in ServiceConfiguration.*.cscfg. Of course, you can put your connection strings to the file but that's pointless as you still keep the secrets in a source control.
Azure Key Vault could be a good solution here but I'd like to explore other options before going this route. What would you recommend?
回答1:
As Lanorkin said, If we define the connection string in Azure web app. It will not be overrode when re-deploy. However, the behavior is totally different in Azure cloud service. It will be override when redeploy. I think you could submit a new feature at Azure feedback forum for this issue. At currently, if you do not want to store the connection string in source control, Key Vault may be a choice.
来源:https://stackoverflow.com/questions/40706406/how-to-properly-store-connection-strings-in-azure