Working with CosmosDB in your applcation is pretty easy. There are tons of tutorials and sample code that shows how you can easily connect your code to ComsosDb and start coding. However, most if not all of them, will at somepoint say [Insert your CosmosDB Key here]. Which means you are essentially taking your most critical piece of defense (your authentication key) and copying it somewhere in your code or configuration. Invariably, at some point it will get into your source control, and that’s just asking for trouble down the line because it’s way harder to restrict access to sensitive information in source control.
Fortunately, there’s an easy (?) way to deal with this problem and it involves a few built-in Azure features like Azure KeyVault and Managed Identity.