C
C#5mo ago
Salight

How can i secure my appsettings.json data in my api

How can i secure my secret key,client uri and so on
9 Replies
Angius
Angius5mo ago
If someone was able to ssh into your server you're fucked anyway But if you want an added layer of security, use something like Azure KeyVault
Salight
SalightOP5mo ago
so if i have deployed this api in production the only way to secure datas is online protection like key vault ?
Angius
Angius5mo ago
Yeah But, ideally, the server you're hosting your app on should be secure enough for nobody but you to be able to SSH into it and look at your appsettings If someone can get into your server, as I said, you're screwed anyway
Salight
SalightOP5mo ago
so it doesn't matter if i just put all the things in appsettings.json
Angius
Angius5mo ago
IMO, yes That said, something like KeyVault or similar solutions does add a layer of security on top, if you really want that
Salight
SalightOP5mo ago
i mean am i going to implement all the data(email configuration,connection strings,secret key)
Kyr
Kyr5mo ago
@Salight appsettings.json shouldn't be retreivable via a http request though. They would need something that gave them file-system access to the hosting in order to access it.
Salight
SalightOP5mo ago
so if i let the project like this if they receive the data it is not my fault ? is it on syber security guys
Mayor McCheese
Mayor McCheese5mo ago
Honestly this adds some security, but really it's more about being able to change without redeploying.
Want results from more Discord servers?
Add your server