How do we secure the username and password of the DB connection details in the appsettings.json not to be in plain text in Azure ? I saw from another article that the Azure Managed Identity is not supported.
Can we use Azure KeyVault? Is there another alternative?
Hi mperrott,
Maybe this topic can help you out:
Also see the documentation here:
https://docs.thinkwisesoftware.com/docs/deployment/azure.html
I hope this supplies you with all the information 
Kind regards,
Mark Jongeling
Hi Mark,
I’m not looking for the deployment instructions, thank you for that.
I’m looking for the way to secure the MetaSourceConnection information not to be in the appsettings.json file in plain text.
I only found this article that was tried with Azure manage identity: https://community.thinkwisesoftware.com/installation-11/azure-managed-identity-for-iam-indicium-1289
I’m looking for another alternative from the suggested in the above article from using only a plain text for the username and password in the MetaSourceConnection section.
Regards
Michalis Perrott
Hi Michalis,
Within Thinkwise it has been tested and the following solution will solve your problem. This way the credentials are securely stored in the Application settings in the Azure WebApp.
When you have Indicium (Universal) in Azure as WebApp, you can go into the Application Settings and add the following settings. Note: the Names have double underscores e.g. MetaSourceConnection__Database
The appsettings.json can like the following:
{
"Logging": {
"ApplicationInsights": {
"LogLevel": {
"Default": "Information",
"System": "Information",
"Microsoft": "Warning",
"Indicium": "Debug"
}
},
"IncludeScopes": false,
"LogLevel": {
"Default": "Information",
"System": "Information",
"Microsoft": "Warning",
"Indicium": "Debug"
}
},
"MetaSourceConnection": {
"Server": "",
"Database": "",
"PoolUserName": "",
"PoolPassword": ""
}
}To sum it up;
Create four new application settings named:
and give them the value needed.
We will make a blog post about this and the documentation will soon be expanded accordingly.
Kind regards,
Mark Jongeling
Thank you Mark,
This information is missing from the online documentation, this is very useful to have known in advance during the installation 
.
I have tested it and it is working. Can I assume that also other parts of the appsettings.json file can be placed in the same manner in the webapp application setting? e.g. EMAIL SMTP?
It is safe to assume it is. You can try it out and let us know in this thread 
Keep note of the double underscores in the settings.
I’m pleased to let you know that I have transferred all the below configuration and everything is working as expected.
With this movement of configuration Upgrading is so much easier.
Only automation I need to implement is for the images/icons/logos that need to be replaced in Indicium and Universal after upgrade, and the replacement of the name of “Universal” in the index.html file of Universal.
Thanks a million Mark.
I’m pleased to let you know that I have transferred all the below configuration and everything is working as expected.
With this movement of configuration Upgrading is so much easier.
Only automation I need to implement is for the images/icons/logos that need to be replaced in Indicium and Universal after upgrade, and the replacement of the name of “Universal” in the index.html file of Universal.
Thanks a million Mark.
Maybe a tip of interest; What we currently do is commit an updated GUI to a Git repository and let a build automation tool (Bamboo) add/update some assets using PowerShell scripts, returning a .zip file which we then directly can upload to Azure (that even could be done by using the automation tool). The only manual labour is now do a check-in in of the updated GUI files, the build automation should take care of the rest.
Maybe a tip of interest; What we currently do is commit an updated GUI to a Git repository and let a build automation tool (Bamboo) add/update some assets using PowerShell scripts, returning a .zip file which we then directly can upload to Azure (that even could be done by using the automation tool). The only manual labour is now do a check-in in of the updated GUI files, the build automation should take care of the rest.
Thanks Rene. 
I was planning to use Jenkins as I’m more familiar with it.
Thanks a million Mark.
Thank my colleague 
We are happy to help
Hi Michalis,
Within Thinkwise it has been tested and the following solution will solve your problem. This way the credentials are securely stored in the Application settings in the Azure WebApp.
When you have Indicium (Universal) in Azure as WebApp, you can go into the Application Settings and add the following settings. Note: the Names have double underscores e.g. MetaSourceConnection__Database
The appsettings.json can like the following:
{
"Logging": {
"ApplicationInsights": {
"LogLevel": {
"Default": "Information",
"System": "Information",
"Microsoft": "Warning",
"Indicium": "Debug"
}
},
"IncludeScopes": false,
"LogLevel": {
"Default": "Information",
"System": "Information",
"Microsoft": "Warning",
"Indicium": "Debug"
}
},
"MetaSourceConnection": {
"Server": "",
"Database": "",
"PoolUserName": "",
"PoolPassword": ""
}
}To sum it up;
Create four new application settings named:
and give them the value needed.
We will make a blog post about this and the documentation will soon be expanded accordingly.
Kind regards,
Mark Jongeling
This Best answer, provided by Mark Jongeling, is now documented in topic: Store database user credentials securely.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.