Home

Description

This tool allows to encrypt configuration sections on app.settings files, and decrypt the information in runtime adding those configuration as a singleton inside the application. The basic idea is to give security to the configurations of an ASPNET Core application by encrypting sensitive information and handling in a secure way.

Prerequisites

• NetCore 2.x
  • Support from version 1.0.0
• NetCore 3.x
  • Support from version 1.2.0

Getting started:

1. Install ChustaSoft.Tools.SecureConfig package via NuGet Package manager

2. Setup a private key in a secure way (ie: as a environment variable), SecureConfig will use it for encrypt and decrypt the settings files

3. Create a Settings object inside the project, should match the section that will be encrypted

4. Add the Settings in all the different environment appsettings

5. In Program, add the following line during IWebHost building (through IWebHostBuilder)

.EncryptSettings<[TSettings]>(true)

• [TSettings] correponds to the settings DTO created in the step 2
  • true if you want to encrypt the settings
  • false if you want to decrypt the files

6. In Startup, on ConfigureServices, add the following line in order to setup the singleton and manage the encrypted/decrypted settings:

services.SetUpSecureConfig<[TSettings]>(Configuration, testApikey); [TSettings] correpond to the settings DTO created in the step 2 testApikey corresponds to the secret key created in step 1

7. Inject the settings class object in the class that the project will need, SecureConfig manage this class as a Singleton in the application lifecycle

That's all!! :)

Deep configuration:

• By default, the tool is looking for a section called "AppSettings" in the appSettings files, from version 1.2.2 if a custom section name wants to be specified, it is mandatory to do it at EncryptSettings (Program, Main) and SetUpSecureConfig (ConfigureServices), in example:

  .EncryptSettings<[TSettings]>(true, "AppSettingsCustomName")

  services.SetUpSecureConfig<[TSettings]>(Configuration, testApikey, "AppSettingsCustomName");

Examples:

Full example for .NetCore 2.x:

• https://github.com/ChustaSoft/SecureConfig/tree/master/ChustaSoft.Tools.SecureConfig.NetCore2.TestApi

Full example for .NetCore 3.x:

• https://github.com/ChustaSoft/SecureConfig/tree/master/ChustaSoft.Tools.SecureConfig.NetCore3.TestApi

Configuration video tutorial:

• https://twitter.com/ChustaSoft/status/1198636624340488192

Enjoy it and do not hesitate to contacts us for suggestions or doubts.