"We Store Secrets in appsettings.json": A Horror Story in Five Acts — Daily DevOps & .NET
Storing credentials in appsettings.json, Git history, or Docker layers is a pervasive Azure security problem. Azure Managed Identity and RBAC eliminate this entirely by replacing static credentials with platform-level cryptographic attestation. The post covers the most dangerous anti-patterns (Service Principal secrets in config, hardcoded storage keys, SQL passwords in connection strings), then shows how to implement credential-free authentication in .NET using DefaultAzureCredential, Bicep for RBAC assignments, and Azure CLI for local development. A four-phase migration path is provided for teams starting from legacy patterns, along with rebuttals to common objections like credential rotation and CI/CD pipeline needs.
Table of contents
The Fatal Pattern: Credential Sprawl in Azure
The Correct Pattern: Managed Identity and RBAC
Local Development Without Credential Management
SQL Database Configuration
The Migration Path
The Objections (And Why They Don’t Hold Up)
Conclusion