Edition 0 Updated to asp. Net core 0
Store secrets in environment variables
Yüklə 11,82 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Store secrets with the ASP.NET Core Secret Manager
|
Store secrets in environment variables
One way to keep secrets out of source code is for developers to set string-based secrets as environment variables on their development machines. When you use environment variables to store secrets with hierarchical names, such as the ones nested in configuration sections, you must name the variables to include the complete hierarchy of its sections, delimited with colons (:). For example, setting an environment variable Logging:LogLevel:Default to Debug value would be equivalent to a configuration value from the following JSON file: { "Logging" : { "LogLevel" : { "Default" : "Debug" } } } To access these values from environment variables, the application just needs to call AddEnvironmentVariables on its ConfigurationBuilder when constructing an IConfigurationRoot object. Note Environment variables are commonly stored as plain text, so if the machine or process with the environment variables is compromised, the environment variable values will be visible. Store secrets with the ASP.NET Core Secret Manager The ASP.NET Core Secret Manager tool provides another method of keeping secrets out of source code during development . To use the Secret Manager tool, install the package Microsoft.Extensions.Configuration.SecretManager in your project file. Once that dependency is present and has been restored, the dotnet user-secrets command can be used to set the value of secrets from the command line. These secrets will be stored in a JSON file in the user’s profile directory (details vary by OS), away from source code. Secrets set by the Secret Manager tool are organized by the UserSecretsId property of the project that’s using the secrets. Therefore, you must be sure to set the UserSecretsId property in your project file, as shown in the snippet below. The default value is a GUID assigned by Visual Studio, but the actual string is not important as long as it’s unique in your computer. 333 CHAPTER 8 | Make secure .NET Microservices and Web Applications Yüklə 11,82 Mb. Dostları ilə paylaş:
|