Background
In a normal bare metal hosting (IIS) we can use Integrated Security(eg : With AD) and hence, the config entry do not contain the connection string's plain text password. Or we can encrypt the connection string and can use a secure key store to secure the encryption key.
Question
In a cloud hosting environment( eg: Azure, AWS), how we can secure this connection string ? Normally we do have only a control panel to upload required files and ability to perform other minimal configurations. And most of the time, we do need to access a DB in a different location with credentials. How can we secure our connection string in the config file without using plain text credentials. If we encrypt the connection string, how can we secure the key?