Jun 24, 2020 02:32 PM|mgebhard|LINK
So is storing the password inside the appsettings.json a bad approach or insecure approach?
Typically storing sensitive data like passwords in the appsettings.json is a bad approach.
as by default the database connection strings which include the password for the database service account will be stored inside the appsettings.json...
That's only true if you are using SQL logins. It's very common to run a web application under a domain account and configure integrated Windows security which does not include a password in the connection string. However, if you are using SQL login then
you should secure the connection string.
I'm sure you'll be interested in reading the previous links as the docs covers several methods for securing configuration.