SecureConfig
Tool to give security to the configurations of an ASPNET Core application by encrypting sensitive information and handling in a secure way
Prerequisites:
- NetCore 2.1
- Support from version 1.0.0
- NetCore 3.1
- Support from version 1.2.0
- Net 5.0
- Support from version 1.3.0
· Description:
This tool allows to encrypt configuration sections on app.settings files, and decrypt the information in runtime adding those configuration as a singleton inside the application.
· Getting started:
-
Install ChustaSoft.Tools.SecureConfig package via NuGet Package manager
-
Setup a private key in a secure way (ie: as a environment variable), SecureConfig will use it for encrypt and decrypt the settings files
-
Create a Settings object inside the project, should match the section that will be encrypted
-
Add the AppSettings section in all the different environment appsettings
-
In Program, add the following line during IWebHost building (through IWebHostBuilder)
- .EncryptSettings<[TSettings]>(true)
- [TSettings] correponds to the settings DTO created in the step 2
- true if you want to encrypt the settings
- false if you want to decrypt the files
- .EncryptSettings<[TSettings]>(true)
-
In Startup, on ConfigureServices, add the following line in order to setup the singleton and manage the encrypted/decrypted settings:
- services.SetUpSecureConfig<[TSettings]>(Configuration, testApikey);
- [TSettings] correpond to the settings DTO created in the step 2
- testApikey corresponds to the secret key created in step 1
- services.SetUpSecureConfig<[TSettings]>(Configuration, testApikey);
-
Inject the settings class object in the class that the project will need, SecureConfig manage this class as a Singleton in the application lifecycle
- Full example for .NetCore 2.1
- Full example for .NetCore 3.1
- Full example for .NET 5.0
- Configuration video tutorial
For deep configurations, visit this section of our current wiki
That's all!
Enjoy it and do not hesitate to contacts us for suggestions or doubts.