Usernames & Passwords (Config file vs Database table)

BabyAqua · January 10, 2020, 5:28am

Vendors provide usernames and passwords to us so that we can access their data tiers. One vendor change the password every 3 months and send the new password to us which means we have to update the password, on our side, for C# API projects that utilize the set of credentials.

We store these credentials in config files which we encrypt the credential section. The disadvantage so far is that when there are new passwords, we have to update the config file with the new passwords and then recompile the C# API projects and then republish on the web server.

Would it be a better design if we store these credentials in a database table instead? This way all C# API projects can obtain from one central place when we update the passwords?

Thanks

yosiasz · January 10, 2020, 6:44am

A rebuild is required when changing a password in the config file? I have never heard of such a thing.

BabyAqua · January 11, 2020, 12:52am

That is what I thought too. It is weird that the last time, I had to rebuild but this time, I was able to do a direct update to the config file.

Anyway, still as for best practice, I am leaning more to the database table.

yosiasz · January 11, 2020, 1:30am

Half a dozen 6 of the other. Both have risks and benefits. Dont get hung up on either approach.