Within my startup, I load a set of database connection strings from the appsettings.json file. The connection strings look as follows
"CoreConnectionString": "Server=localhost; Database=DBCore; Uid=someUserName; Pwd=somePW", "IdentityConnectionString": "Server=localhost; Database=DBAuth; Uid=someUserName; Pwd=somePW"
What is the best way to encrypt this information so I don't show the actual user name and password?
CodePudding user response:
Here's two suggestions to not expose your DB Password and Conn Strings:
- Use a secret file in your computer, apart from your Solution. In Visual Studio 2022 you can do it by clicking your project. Just throw your connections strings there like in AppSettings.json.
- Pro: Easy to use
- Con: You can't deply it with your project or store it at github
- Use Azure Key Valut to store all connection strings. Read this doc from Microsoft if it's your way to go.
- Pro: No need for local files. Cloud stored Keys.
- Con: Need a bot more configuration in your project and an Azure account.