Currently, we hardcode our secrets in an .env file and restrict this file from being seen by the .gitignore file. However, this is restrictive in that it requires the .env file to be known at runtime. While this works for local development, I'm not sure if this will work in production when an azure function (or any other cloud vendor's function) is published. Either way, it's definitely a better idea to upload these to each of the cloud vendor's specialized storage systems to offload any local state we hold.
Currently, we hardcode our secrets in an
.env
file and restrict this file from being seen by the.gitignore
file. However, this is restrictive in that it requires the .env file to be known at runtime. While this works for local development, I'm not sure if this will work in production when an azure function (or any other cloud vendor's function) is published. Either way, it's definitely a better idea to upload these to each of the cloud vendor's specialized storage systems to offload any local state we hold.