How can i secure my appsettings.json data in my api
How can i secure my secret key,client uri and so on
9 Replies
If someone was able to ssh into your server you're fucked anyway
But if you want an added layer of security, use something like Azure KeyVault
so if i have deployed this api in production
the only way to secure datas is online protection like key vault ?
Yeah
But, ideally, the server you're hosting your app on should be secure enough for nobody but you to be able to SSH into it and look at your appsettings
If someone can get into your server, as I said, you're screwed anyway
so it doesn't matter if i just put all the things in appsettings.json
IMO, yes
That said, something like KeyVault or similar solutions does add a layer of security on top, if you really want that
i mean am i going to implement all the data(email configuration,connection strings,secret key)
@Salight appsettings.json shouldn't be retreivable via a http request though. They would need something that gave them file-system access to the hosting in order to access it.
so if i let the project like this if they receive the data
it is not my fault ?
is it on syber security guys
Honestly this adds some security, but really it's more about being able to change without redeploying.