![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 1%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFO%3C/text%3E%3C/svg%3E)
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,448 questions
Hello @Fredrik Olsen , in order to avoid giving access to a database connection string from your local application you could move the database access workload to a custom API. APIS are best suited to store secrets such as password and connection strings. You application would authenticate and get authorized against your API which in turn would get authorized to gain access to KeyVault or better yet, directly to your database (provided is deployed in the cloud).
Take a look to the following docs for more information:
- Desktop app that calls web APIs
- Mobile application that calls web APIs
- On-behalf-of flows with MSAL.NET or Client credential flows in MSAL.NET
- Microsoft Authentication Library for iOS and macOS
- Managed identities for Azure resources documentation: to avoid handling credentials in your API + Which SDK to use - Azure SDK or MSAL?
- About Azure Mobile Apps: client and api multiplatform all in one developement that avoids separate client and API development
Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.