Skip to content

Tool to give security to the configurations of an ASPNET Core application by encrypting sensitive information and handling in a secure way

License

Notifications You must be signed in to change notification settings

ChustaSoft/SecureConfig

Repository files navigation

SecureConfig


Build Status NuGet Nuget GitHub

Tool to give security to the configurations of an ASPNET Core application by encrypting sensitive information and handling in a secure way

Compatibility table

Framework From Latest Current support
.Net Core 2.1 1.0.0 1.0.0
.Net Core 3.1 1.2.0 Current ✔️
.NET 5.0 1.3.0 Current ✔️
.NET 6.0 1.4.0 Current ✔️

Description:

This tool allows to encrypt configuration sections on app.settings files, and decrypt the information in runtime adding those configuration as a singleton inside the application.

· Getting started:

  1. Install ChustaSoft.Tools.SecureConfig package via NuGet Package manager

  2. Setup a private key in a secure way (ie: as a environment variable), SecureConfig will use it for encrypt and decrypt the settings files

  3. Create a Settings object inside the project, should match the section that will be encrypted

  4. Add the AppSettings section in all the different environment appsettings

  5. Configure the tool

    • If your project framework is .NET 6.0

      • At Program
        var settings = builder.SetUpSecureConfig<AppSettings>(testApikey);
        
        // [...] More stuff
        
        // After build called from WebApplicationBuilder
        // [...] More stuff
        
        app.EncryptSettings<AppSettings>();
        
        
    • If your project framework is under .NET Core 2.1, 3.1 or .NET 5.0

      • At Program
      CreateHostBuilder(args)
                      .Build()
                      .EncryptSettings<AppSettings>(true)
                      .Run();
      
      • At Startup
        var settings = services.SetUpSecureConfig<AppSettings>(_configuration, testApikey);
        
    • In all TFM's and examples provided, for reference:

      • testApikey is referred to the securely stored key documented at step 2
      • [TSettings] correponds to the settings DTO created in the step 3.
      • Settings DTO ([TSettings]) is injected as a singleton in the DI container.
      • By default is true if you want to encrypt the settings, set as false if you want to decrypt the files
  6. Inject the settings class object in the class that the project will need, SecureConfig manage this class as a Singleton in the application lifecycle

For deep configurations, visit this section of our current wiki

That's all!

Enjoy it and do not hesitate to contacts us for suggestions or doubts.

Thanks for using and contributing

Twitter Follow YouTube Video Views

About

Tool to give security to the configurations of an ASPNET Core application by encrypting sensitive information and handling in a secure way

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages