在非Azure生产环境中，ASP.NET核心中的用户机密存储的推荐解决方案是什么？

Question

I am working on a .net core project, which needs to read some user secrets. I read the following two articles.

• Safe storage of app secrets in development in ASP.NET Core
• Azure Key Vault configuration provider in ASP.NET Core

I am wondering if there is a similar solution for a non-Azure production environment, eg one that would work in AWS.

Answer 1

.NET Core allows you to store your secrets in various places of the configuration system.

There are many different configuration providers listed in the documentation :

• File formats (INI, JSON, and XML).
• Command-line arguments.
• Environment variables.
• In-memory .NET objects.
• The unencrypted Secret Manager storage.
• An encrypted user store, such as Azure Key Vault.
• Custom providers (installed or created).

It's convenient to manage the user secret with Microsoft.Extensions.SecretManager.Tools on the command line and then use Microsoft.Extensions.Configuration.UserSecrets to get the secrets from your app's configuration.

However, you should encrypt the stored information yourself, wherever you store it, eg. the appsettings.production.json.

To do so you can make use of a custom configuration provider to encrypt and decrypt your secrets. Your custom provider should inherit from the ConfigurationProvider class as shown here .

public class CustomConfigProvider : ConfigurationProvider
{
    public CustomConfigProvider() { }

    public override void Load()
    {
        Data = MyEncryptUtils.DecryptConfiguration();
    }
}

See also: Encrypted Configuration in ASP.NET Core