When utilizing the BYODB concept (publishing a set of entities to a customer controlled SQL Database and periodically exporting data for individual companies), the form DMFDataSource, has a button to Show/Hide the Connection String details. It's controlled by a duty and privilegies, but it seems like a weak point in the design to construct and show/hide the Connection String in a Form.

The suggestion is to support storing the Secret (key) to encrypt/decrypt the Connection String in Azure Key Vault, exactly as implemented for the Data Export Service provided for Dynamics 365 (CRM Online).

I know support for Key Vault is expected in the July 2017 Release, but it only says support for Customer Managed Certificates which is also very important.