How to manage connection strings for multi tenant azure applications

Question

Hello,

I have a scenario, where I will have several azure applications/services. These services will be accessed by multiple tenants, where each of the tenant will have a separate SQL database. My question is, how to effectively manage connection strings for each tenant in the applications? My ideas were:

1. One central database that will store key-value pairs: tenant_name:connection_string
2. Define in the configuration of each application connection string for each tenant

The problem with the first approach is that I would have to make additional request for connection string each time a tenant uses the service, unless I implement some kind of caching.

The problem with the second approach is that every time I'd like to add/delete a tenant, I'd need to go through several applications and manually manage a connection string for that tenant.

Is there any better solution that azure offers? I want to have some kind of "central register" of connection strings for some tenants, where I can add/delete and all of the specified azure applications would have access to these connection strings. Depending on which tenant is accessing the application, corresponding database would be used.

Thanks

Answer 1

It seems like you have come up with a good solution to manage connection strings for multi-tenant Azure applications. Storing connection strings inside Azure Key Vault is a secure way to manage secrets, and using Azure App Configuration to create references to the Key Vault connection string values is a good way to centralize the management of connection strings.

Your approach of configuring the App Services to access the App Configuration and retrieving the connection string based on the Tenant ID provided by the user is a good way to dynamically select the correct database for each tenant.

You are correct that using this solution, you can change the value of the connection string in Key Vault and the App Services will automatically use the updated value without the need to restart the App Service. Similarly, you can add a new connection string to the Key Vault, add a reference to its value to the App Configuration, and the App Services will be able to retrieve this new connection string without the need to restart the App Service itself.

Overall, your solution seems like a good approach to manage connection strings for multi-tenant Azure applications. Let me know if you have any other questions or if there is anything else I can help you with.

Answer 2

My question might've been little confusing, but I've come to this solution, which should be sufficient for my needs:

1. Store connection strings inside Azure Key Vault
2. Create Azure App Configuration instance, and create references to the Key Vault connection string values
3. Configure in code (C#) my App Services to access the App Configuration
4. Now, when someone makes a request to the App service, he will provide some Tenant Id. Based on this ID, the app service will retrieve the connection string from App Configuration Key Vault reference.

Correct me if I'm wrong, but I believe using this solution I can:

• Change the value of connection string (in Key Vault) and my App Services will automatically use the updated value when retrieving it (without a need to Restart the App Service)
• Add a new connection string to the Key Vault, add a reference to its value to the App Configuration and the App Services will be able to retrieve this new connection string without a need to restart the App Service itself

I will be glad to receive any feedback on this solution.