C
C#2y ago
uselessxp

❔ WebAPI .NET 7.0 - Encrypt connectionstring in appsettings.json

guys, I'm writing some WebAPI using .NET 7.0, and I'd like to secure the connectionstring with encryption, I found a guide that suggest to do it by using C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe is it a good way or is something old? currently the connectionstring is placed into appsettings.json (not into web.config) and this is its content: 
{
  "ConnectionStrings": {
    "Default": "Server=127.0.0.1;Database=mydb;User Id=testuser;Password=testpwd;TrustServerCertificate=true"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}
{
  "ConnectionStrings": {
    "Default": "Server=127.0.0.1;Database=mydb;User Id=testuser;Password=testpwd;TrustServerCertificate=true"
  },
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}
2 Replies
Pobiega
Pobiega2y ago
The correct way is to use user-secrets on development, and to use a keyvault or environment variables in production You should not have connectionstrings checked into your source control
Accord
Accord2y ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server