Base solution for your next web application
Open Closed

Encrypt/Decrypt appsettings.json file #5596


User avatar
0
gep13 created

Hello,

I have two questions that I am hoping to get some help on...

The first is with regard to the overall appSettings.json file. We would like to fully encrypt this file once it is deployed, and I am trying to figure out where I can put a custom ConfigurationSource in the application to allow this information to be decrypted, prior to handing it off to the rest of the application. Does anyone have an example of how to do this, or can provide some information about what needs to be done here? Is what I am suggesting considered a best practice, or should I be looking towards something else?

The other part of the question is related, as it also appears in the appSettings.json file, and that is the AbpZeroLicenseCode. Is this "ok" to leave in the appSettings.json file? Is it sensitive in anyway, i.e. would we not want other people to get access to this? What are the best practices around securing this information if required?

Thanks

Gary


2 Answer(s)
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    For the first one, you can try <a class="postlink" href="https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/index?view=aspnetcore-2.1#custom-configuration-provider">https://docs.microsoft.com/en-us/aspnet ... n-provider</a>.

    AspNet Zero doesn't check license code on production, so you can leave it empty when you deploy your app. For development time, you can store it in user secrets <a class="postlink" href="https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-2.1&tabs=windows">https://docs.microsoft.com/en-us/aspnet ... bs=windows</a>.

  • User Avatar
    0
    gep13 created

    Thank you for getting back to me!

    That information will be very useful, appreciate your time.

    Gary