I'm trying to solve a customer case where they would like no sensitive data stored in the file system. They ideally would like to use Managed Identities in Azure for all connections between resources e.g. SQL access. I've tried to dig into the EPiServer internals to check if this is possible at all, but it seems like a task that requires changes to many internal classes.
Is there a way to accomplish this without overriding all the DBFactory/ConnectionContext internals in EPiServer? What I need is to have an SQLConnection where I can place the access token - but down low EPiServer mainly use DBConnection and assue I can cast it to SQLConnection I counted at least 5 different classes that needs to be overriden to solve this issue.
If not, is there a plan for the future to make this work?
As you state, using Managed Identity for SQL connections might be hard to implement in Episerver. Especially if it is a Commerce site.
As an alternative, you can just remove the regular connection strings from your config files, and define them in the Azure Web App configuration. This way no passwords are stored in the file system or version control system.
Thanks. I am aware of these options, but the customer really wants to use managed identity. Our interim solution is to store the connection strings in Key Vault and set them on the App Service configuration from the release pipeline. The downside to this is that the few people who can access the App Service, also can read the connection string secrets.