Skip to content

Commit 1a47fc6

Browse files
Rick-AndersonRick-Anderson
authored
Update index.md (#33980)
1 parent eb5a4d0 commit 1a47fc6

File tree

1 file changed

+6
-0
lines changed

1 file changed

+6
-0
lines changed

aspnetcore/security/index.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,12 @@ Managed identities are a secure way to authenticate to services without needing
6363

6464
When the app is deployed to a test server, an environment variable can be used to set the connection string to a test database server. For more information, see [Configuration](xref:fundamentals/configuration/index). Environment variables are generally stored in plain, unencrypted text. If the machine or process is compromised, environment variables can be accessed by untrusted parties. We recommend environment variables not be used to store a production connection string as it's not the most secure approach.
6565

66+
Configuration data guidelines:
67+
68+
* Never store passwords or other sensitive data in configuration provider code or in plain text configuration files. The [Secret Manager](xref:security/app-secrets) tool can be used to store secrets in development.
69+
* Don't use production secrets in development or test environments.
70+
* Specify secrets outside of the project so that they can't be accidentally committed to a source code repository.
71+
6672
For more information, see:
6773

6874
* [Managed identity best practice recommendations](/entra/identity/managed-identities-azure-resources/managed-identity-best-practice-recommendations)

0 commit comments

Comments
 (0)