Hello,
Storing runtime secrets securely is crucial for maintaining the integrity and security of your application. Azure provides several options for managing secrets, and here are some best practices you might consider:
Azure Key Vault (KV): It’s designed for securely storing and accessing secrets. You can store the access token in KV and give your Azure Data Factory (ADF) Managed Identity the necessary permissions to retrieve the secret. This avoids having to use the ADF Service Principal directly and is considered a secure approach.
Secrets Rotation: Since your access token has a TTL of 3 months, you should implement a rotation policy for your secrets. Azure Key Vault supports this by allowing you to set expiration dates on secrets and provides mechanisms to update them regularly.
Access Control: Ensure that only trusted identities have access to the secrets. Use Azure’s role-based access control to assign the minimum required permissions.
Secrets in Azure SQL Database: Storing secrets in your database can be done, but it’s not recommended due to the complexity My Milestone Card of ensuring encryption and proper access control. If you choose this route, you must ensure that the data is encrypted using Transparent Data Encryption (TDE) and that access is tightly controlled.
Caching Secrets: To minimize calls to Key Vault, you can cache the secret in your application’s memory, but ensure that you implement secure caching strategies to prevent unauthorized access.
Network Isolation: Configure your firewall to restrict access to the Key Vault, allowing only your applications and services to retrieve the secrets.
Remember, the key to managing secrets is not just about where you store them but also how you manage access and rotation. Azure Key Vault is a robust solution that, when used correctly, can help you manage your application secrets effectively and securely.
I hope the solution may helps you.