Click here to Skip to main content
14,270,795 members
   

ASP.NET

 
Questionopen word file in client side Pin
Member 1447396626-Jun-19 1:34
memberMember 1447396626-Jun-19 1:34 
AnswerRe: open word file in client side Pin
Richard MacCutchan26-Jun-19 1:44
protectorRichard MacCutchan26-Jun-19 1:44 
GeneralRe: open word file in client side Pin
Member 1447396626-Jun-19 17:48
memberMember 1447396626-Jun-19 17:48 
GeneralRe: open word file in client side Pin
Richard MacCutchan26-Jun-19 21:14
protectorRichard MacCutchan26-Jun-19 21:14 
QuestionSafe Storage of Secrets in .NET Pin
Ger Hayden24-Jun-19 21:58
memberGer Hayden24-Jun-19 21:58 
AnswerRe: Safe Storage of Secrets in .NET Pin
Richard Deeming25-Jun-19 1:25
mveRichard Deeming25-Jun-19 1:25 
GeneralRe: Safe Storage of Secrets in .NET Pin
Ger Hayden25-Jun-19 6:55
memberGer Hayden25-Jun-19 6:55 
AnswerRe: Safe Storage of Secrets in .NET Pin
Afzaal Ahmad Zeeshan25-Jun-19 23:46
mveAfzaal Ahmad Zeeshan25-Jun-19 23:46 
First thing to mention here is, why are you even trying to store the secrets—I am assuming, connection strings, API keys, etc. etc.—in your own machine, unless your web server runs in the same machine. In testing or development environment, you should consider using testing or development credentials, that when exposed can be cleared, rotated and wiped without any panic.

I am not sure why you didn't read the documentation for this tool, Microsoft had already made it pretty much clear that this tool is not for "securely storing your credentials", rather "storing your secure credentials". There is a huge difference,
The Secret Manager tool doesn't encrypt the stored secrets and shouldn't be treated as a trusted store. It's for development purposes only. The keys and values are stored in a JSON configuration file in the user profile directory.
So, that was pretty much clear from the documentation that this tool doesn't do anything on its own side and as Richard said, it merely takes the secure information out of your code, to prevent it from being version controlled.

If you are using an external hosting service, use their secure vaults (or something similar in technical terms). For example, it is a bad idea of store the security details or credentials in environment variables, or even in the databases that you hold or own. Because as you said,
Quote:
I'm looking at storing them on the database again, and encrypting them using something like bcrypt to encrypt them.
They are merely encrypted, anyone who has access to your machine—since this data is in your machine—has access to that database, which is clearly visible as these values are needed by your apps to function. Thus, anyone can access the keys.

The good practice to use nowadays is to use secure vaults, you can check with your hosting providers to check if they do provide any. For example, on Microsoft Azure you should use Azure KeyVault, Key Vault | Microsoft Azure, which secures your credentials and resists tampering against it.
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~

GeneralRe: Safe Storage of Secrets in .NET Pin
Ger Hayden26-Jun-19 2:17
memberGer Hayden26-Jun-19 2:17 
QuestionASP.NET web api tutorial Pin
Cenk KIZILDAĞ24-Jun-19 0:24
memberCenk KIZILDAĞ24-Jun-19 0:24 
AnswerRe: ASP.NET web api tutorial Pin
Eddy Vluggen24-Jun-19 1:52
mveEddy Vluggen24-Jun-19 1:52 
GeneralRe: ASP.NET web api tutorial Pin
Cenk KIZILDAĞ24-Jun-19 3:14
memberCenk KIZILDAĞ24-Jun-19 3:14 
GeneralRe: ASP.NET web api tutorial Pin
Eddy Vluggen24-Jun-19 3:26
mveEddy Vluggen24-Jun-19 3:26 
AnswerRe: ASP.NET web api tutorial Pin
Ger Hayden25-Jun-19 21:33
memberGer Hayden25-Jun-19 21:33 
AnswerRe: ASP.NET web api tutorial Pin
Afzaal Ahmad Zeeshan25-Jun-19 23:50
mveAfzaal Ahmad Zeeshan25-Jun-19 23:50 
QuestionWeb Application and API Pin
Mycroft Holmes12-Jun-19 19:42
memberMycroft Holmes12-Jun-19 19:42 
AnswerRe: Web Application and API Pin
Richard Deeming12-Jun-19 23:15
mveRichard Deeming12-Jun-19 23:15 
GeneralRe: Web Application and API Pin
Mycroft Holmes13-Jun-19 12:36
memberMycroft Holmes13-Jun-19 12:36 
QuestionFinalize() vs Dispose() Pin
Anandkumar Prajapati11-Jun-19 18:35
professionalAnandkumar Prajapati11-Jun-19 18:35 
AnswerRe: Finalize() vs Dispose() Pin
Mycroft Holmes11-Jun-19 20:01
memberMycroft Holmes11-Jun-19 20:01 
QuestionI want to update users table according to ıd value Pin
Member 1064949510-Jun-19 11:38
memberMember 1064949510-Jun-19 11:38 
SuggestionRe: I want to update users table according to ıd value Pin
Richard Deeming11-Jun-19 1:16
mveRichard Deeming11-Jun-19 1:16 
QuestionHow to use treeView to save the directory tree into the SQL Server database ? Pin
Member 24584679-Jun-19 16:27
memberMember 24584679-Jun-19 16:27 
AnswerRe: How to use treeView to save the directory tree into the SQL Server database ? Pin
Richard MacCutchan9-Jun-19 21:49
protectorRichard MacCutchan9-Jun-19 21:49 
QuestionMysterious ADFS problem Pin
Super Lloyd5-Jun-19 21:19
memberSuper Lloyd5-Jun-19 21:19 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.