Usernames & Passwords (Config file vs Database table)

Vendors provide usernames and passwords to us so that we can access their data tiers. One vendor changes the password every 3 months and sends the new password to us, which means we have to update the password, on our side, for the C# API projects that utilize the set of credentials.

We store these credentials in config files, in which we encrypt the credential section. The disadvantage so far is that when there are new passwords, we have to update the config file with the new passwords and then recompile the C# API projects and then republish on the web server.

Would it be a better design if we stored these credentials in a database table instead? This way all C# API projects can obtain them from one central place when we update the passwords?


A rebuild is required when changing a password in the config file? I have never heard of such a thing.


That is what I thought too. It is weird that the last time, I had to rebuild but this time, I was able to do a direct update to the config file.

Anyway, still as for best practice, I am leaning more to the database table.

Half a dozen 6 of the other. Both have risks and benefits. Don't get hung up on either approach.