The flask documentation recommends to use an instance folder to hide sensitive configuration variables (e.g. api keys, secret keys) from version control. Is it acceptable to keep sensitive configuration variables in an instance folder when deploying to an Azure App Service for production or should the variables be stored using a different method (e.g. enviromental variables, Azure key vaults)?
2
Answers
I’d say depends on your definition of acceptable 🙂 it would be more secure to use Environment variable or Azure Key Vault, but its certainly possible to just store those in git
keeping sensiitive data in GIT is not a good practice.
Azure keyvalut is not free, but its safer than anything else.
you can just use the azure app configuration