Best way to store private files in a node.js application hosted on Windows Azure

Question

I planning to host a simple node.js app on the website tier of Azure.

The application uses a .pem file to sign responses. The issues is that I'd like to deploy the application by simply pushing the git repo, but I don't want to include the .pem file in that repo because it seems that would be a big security issue?

Is there a way I can manually upload one file? What's the best way to store a .pem file on Windows Azure? What are common ways to handle situations like this?

Answer 1

This question is a bit open-ended, as I'm sure there are several viable ways to securely transfer a file.

Having said that: From an Azure-specific standpoint: You should be able to upload a file to your Web Site via ftp. Also, you could push a file to a specific blob and have your app check periodically for files in said blob. To upload (or download later), you'd need the storage account's access key, and as long as you're the only one with that key, you should be ok. When uploading from outside of Azure, you can connect to storage via SSL, further securing the upload.

While you could probably use a queue (either Storage or Service Bus) with the .pem file as payload in a message that your node app would monitor, you'd need to ensure that the file fits within the limits of the message size (64K for Azure Queue, 256K for Service Bus queue).