This might be a touch off-topic technically, but I think its relevant to building great services.
I am looking around for great solutions for helping store configuration, that includes better protection for secrets, and can easily be integrated into development/production flows, that also meets these goals:
- Services load their configuration settings through a single interface (i.e.
IAppSettings
) when they start, and even cache settings for a period of time. - Some of these configuration settings can come from files in source code. (for example: Web.Config)
- Some of these configuration settings (i.e. connectionstrings, passwords, apikeys etc) need to come from a secure storage/vault, but must be aggregated through same
IAppSettings
interface. A hierarchy of stores might be searched, for settings for example. - In desktop development, the configuration can come from a local offline source (i.e. filesystem, library, or simple stubbed service that can be started in testing) and the configuration settings and secrets can be stored in source control (assuming that these secrets will never compromise real production secrets - i.e. just used in testing).
- When deployed, the configuration settings can come from static files, but the secrets must come from a secure online source (i.e. Azure Key Vault, etc), that a developer would not generally have access to, nor accidentally access.
We want to try to minimize any out-of-band configuration for desktop development, to make local development and testing straightforward, so favor configuration and secrets stored in files and source control for local dev and test. To get developers up and running quickly.
In ServiceStack, we have IAppSettings
of course, and we can engineer anything we want, but what are the common solutions and solutions out there that can be integrated into ServiceStack for this, that meet these basic requirements?