1

I am having a problem securing the sensitive information stored as plain text in apsettings.json. Currently, My application is in .net core, reading those sensitive configurations from appsettings.json that are store in plain text format. For Example { "UserName": ABC, "Password": xyz }

I want to make them encrypted/secure/masked so that any unauthorized user could not read that data. Other way can be encrypt the appsettings.json at deployment time and decrypt it in memory while using configuration. How can I encrypt the appsettings.json at deployment time and decrypt it in memory.

any help would be appreaciated.

Improve this question

1 Answer 1

Reset to default
1

With .net core you can use encrypted JSON by using Package EncryptedJsonConfiguration. In order to add the package you install it using NuGet manager or PowerShall :

Install-Package Miqo.EncryptedJsonConfiguration

Then in your Program.cs :

var key = Convert.FromBase64String(Environment.GetEnvironmentVariable("SECRET_SAUCE"));
Host.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration((hostingContext, config) =>
        {
            config.AddEncryptedJsonFile("settings.ejson", key);
        })
        ...

then in your startup file :

services.AddJsonEncryptedSettings<AppSettings>(_configuration);

For more info you should check : https://github.com/miqoas/Miqo.EncryptedJsonConfiguration

The most recommended way to create encrypted files is by using Kizuna command line tool. Read more : https://github.com/miqoas/Kizuna

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, That's the what I was looking for

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.