Managing secrets with .BOT files in Bot Framework v4

This article is now hosted at

All blog articles will be hosted on going forward

Comments (4)
  1. MattLavallee says:

    Certainly appreciate your writing this up! I’ve been pretty aggressively consuming Azure services for the past year and was mystified by this “new” approach in V4. I’ve wound up extending the OOB BotConfiguration to use Azure KeyVault for the file & secret, so no sensitive data has to be persisted on disk or in version control (using Managed Service Identity). Hope to see that as a default in V5.

  2. martinlarosa says:

    Nice article!
    The problem I see is that if I use the bot file I need to share the secret with all devs for them to be able to use the bot. Am I right, am I missing something?

    1. Martin Kearn says:

      Yes you do need to share the secret if you have multiple devs working on the same bot.

  3. Roger Brogan says:

    Great write up except for the error in the structure of the .env file. It should be as follows.
    Your JSON format does not work.

Comments are closed.

Skip to main content