As I am a programmer whose experience is solely with production environments in the cloud that run with a cloud-based secret manager, I was wondering: how are secrets managed in an on-premises instance? I bet they are not just written in the application settings or the OS environment variables?
1 Reply
• There is no equivalent of an Azure Key Vault in an on-premises environment, though you can use ADCS (Active Directory Certificate Services) for certificate shared secret management in on-premises infrastructure for authorizing and authenticating resources, service principal names, and other identity attributes.
• Though for the handling of the cryptographic keys used by the cloud apps and services hosted on-premises, we can set up app key vaults for Business Central on-premises servers as well.
• Though, if you want to directly use the Azure Key Vault’s functionality in your on-premises infrastructure environment, you can provide internet access to your on-premises resources and use client certificate authentication and IP restrictions with Key Vault through a VPN tunnel for additional security.
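The third option in the reply, as an added example that is not part of the original post: an on-premises host reads a secret from Azure Key Vault with client certificate authentication, after the vault firewall has been limited to the site's egress address. It assumes the Az.Accounts and Az.KeyVault modules, an app registration whose certificate is installed on the host and which has read access to secrets in the vault; the function names and every value in angle brackets are placeholders.

```powershell
#Requires -Modules Az.Accounts, Az.KeyVault
# Added example. All names and values are placeholders, not taken from the post.
$TenantId   = '<tenant-id>'
$ClientId   = '<app-registration-client-id>'
$Thumbprint = '<client-certificate-thumbprint>'
$VaultName  = '<vault-name>'
$EgressCidr = '203.0.113.10/32'   # constructed: public egress address of the on-premises site

# Run once by the vault administrator.
# Denies all traffic by default and allows only the given address range.
# Note: -IpAddressRange replaces any ranges already configured on the vault.
function Set-VaultSiteFirewall {
    param([string]$Vault, [string]$Cidr)
    Update-AzKeyVaultNetworkRuleSet -VaultName $Vault -DefaultAction Deny `
        -Bypass None -IpAddressRange $Cidr
}

# Run by the on-premises application or service account.
function Get-OnPremSecret {
    param([Parameter(Mandatory)][string]$Name)

    # Locate the client certificate and fail early on the two common causes
    # of authentication errors: missing private key and expiry.
    $cert = Get-ChildItem Cert:\CurrentUser\My, Cert:\LocalMachine\My |
        Where-Object Thumbprint -eq $Thumbprint | Select-Object -First 1
    if (-not $cert)               { throw "Certificate $Thumbprint not found in a 'My' store." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key on this host." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $Thumbprint expired on $($cert.NotAfter)." }

    # -Scope Process keeps the login context in memory instead of saving it to the profile.
    Connect-AzAccount -ServicePrincipal -Tenant $TenantId -ApplicationId $ClientId `
        -CertificateThumbprint $Thumbprint -Scope Process -ErrorAction Stop | Out-Null

    # SecretValue is a SecureString. Pass it on as such rather than copying it
    # into application settings or environment variables.
    (Get-AzKeyVaultSecret -VaultName $VaultName -Name $Name -ErrorAction Stop).SecretValue
}

# Administrator, once:   Set-VaultSiteFirewall -Vault $VaultName -Cidr $EgressCidr
# Application, per use:  $dbPassword = Get-OnPremSecret -Name '<secret-name>'
```

With this layout the only credential stored on the host is the certificate's private key, which can be marked non-exportable and restricted to the service account.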