
Using AWS Secret Manager with .NET Core MVC

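using Amazon; // RegionEndpoint

// env and appName are defined elsewhere in Program.cs (not shown in the post).
builder.Configuration.AddSecretsManager(region: RegionEndpoint.EUCentral1,
    configurator: options =>
    {
        // Load only the secrets whose names start with "{env}_{appName}_".
        options.SecretFilter = entry => entry.Name.StartsWith($"{env}_{appName}_");
        // Strip that prefix and map "__" to ":" so names become configuration keys.
        options.KeyGenerator = (_, s) => s
            .Replace($"{env}_{appName}_", string.Empty)
            .Replace("__", ":");
        // Re-read the secrets every 10 seconds so changed values are picked up.
        options.PollingInterval = TimeSpan.FromSeconds(10);
    });

// Bind the matching configuration section to DatabaseSettings.
builder.Services.Configure<DatabaseSettings>(
    builder.Configuration.GetSection(DatabaseSettings.SectionName));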

If a hacker were to gain access to my EC2 Windows server, implementing the solution of not allowing the connection string to be read from the appsettings.json file would prevent them from accessing it. However, the hacker could potentially use a tool like dnSpy to reverse engineer the code and extract the connection string. Using an obfuscator would also prevent the hacker from being able to read the connection string. So why would I need AWS SecretsManager?

SecretsManager is about managing your secrets lifecycle. If a hacker gains access to your machine, then anything in that machine is vulnerable and should be treated as compromised. For example, if a machine has compromised a secret, you can terminate that instance and use SecretsManager to rotate your secret, and depending on how the other parts of your system are coded, they can automatically pick up the rotation. It also provides access controls for who can access the secrets, which can be easily revoked in the case of a compromised situation.
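The answer's point that consumers pick up a rotation only "depending on how they are coded" can be seen in the options pattern the question already uses. The console program below is an added example, not code from the question or the answer: it contrasts `IOptions<T>`, which keeps the value bound at startup, with `IOptionsMonitor<T>`, which re-binds when the configuration reloads. The in-memory source stands in for the Secrets Manager provider, and the `Database` section name, the `ConnectionString` property and the sample values are assumptions.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

// Constructed stand-in for the Secrets Manager provider: an in-memory source
// that is changed and reloaded, as a polling provider does after a rotation.
IConfigurationRoot config = new ConfigurationBuilder()
    .AddInMemoryCollection(new Dictionary<string, string?>
    {
        ["Database:ConnectionString"] = "Server=db;Password=old-constructed"
    })
    .Build();

var services = new ServiceCollection();
services.Configure<DatabaseSettings>(config.GetSection(DatabaseSettings.SectionName));
using var provider = services.BuildServiceProvider();

// IOptions<T> binds once and caches the result for the process lifetime.
var startupOptions = provider.GetRequiredService<IOptions<DatabaseSettings>>();
_ = startupOptions.Value;

// IOptionsMonitor<T> subscribes to the configuration reload token.
var monitor = provider.GetRequiredService<IOptionsMonitor<DatabaseSettings>>();
monitor.OnChange(_ => Console.WriteLine("configuration reloaded"));

// Simulated rotation: the secret value changes and the provider reloads.
config["Database:ConnectionString"] = "Server=db;Password=new-constructed";
config.Reload();

Console.WriteLine($"IOptions        : {startupOptions.Value.ConnectionString}");
Console.WriteLine($"IOptionsMonitor : {monitor.CurrentValue.ConnectionString}");

// Hypothetical shape of the question's DatabaseSettings class (assumed here).
public sealed class DatabaseSettings
{
    public const string SectionName = "Database";
    public string ConnectionString { get; set; } = string.Empty;
}
```

A service that injects `IOptions<DatabaseSettings>` keeps using the pre-rotation credential until the process restarts, so after revoking a compromised secret it will fail to connect; injecting `IOptionsMonitor<DatabaseSettings>` (or `IOptionsSnapshot<T>` per request) avoids that.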
