Using Azure Key Vault in a Pipeline is cool, but it is less secure.

The Key Vault setup

Have you tried the Key Vault Step in an Azure DevOps Pipeline? If you haven’t, please follow these awesome guides:

• Azure DevOps Labs. Using secrets from Azure Key Vault in a pipeline
• Tobias Zimmergren. Using Azure Key Vault Secrets in Azure DevOps pipelines

The steps described in these guides are easy, but that effort made me think about the first pair of pros and cons.

If you have an external web service reference in your sharepoint solution, you can use web.config configuration like:

<system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding\_ISuperService" >
                <security mode="None">
                    <message clientCredentialType="None" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://super.domain/SuperService.svc"
            binding="wsHttpBinding"
            bindingConfiguration="WSHttpBinding\_ISuperService" 
            contract="ISuperService"
            name="SuperServiceEndpoint">
        </endpoint>
    </client>
</system.serviceModel>
```security mode is set to "None". Then in code just get this configuration:

var proxy = new SuperServiceClient(“SuperServiceEndpoint”); var result = proxy.GetSomething();

var binding = new WSHttpBinding(); binding.Security.Mode = SecurityMode.None; var endpoint = new EndpointAddress(“http://super.domain/SuperService.svc"); var proxy = new ExternalServices.DreamServiceClient(binding, endpoint); var result = proxy.GetSomething();