In the ninth episode, we present a few useful tools, starting with Vault for storing credentials and app settings in general, then we talk about Seq, which is a logging system, and finally we discuss Jaeger, which provides distributed tracing.
Wanna seek your/fellow developers' opinions on the secrets. Since DPAPI isn't available anymore in .NET Core, we lost the ability to encrypt web.config sections. And in this video, the service secret uses the userpass type and is stored in clear text.
If an attacker grabs hold of the appsettings file and gains access to Vault, we potentially lose all the Vault secrets?
Is there any more secure way of storing app secrets fundamentally?
Hey, the whole idea is to keep the Vault secret (whether it's a token, userpass or another type of credentials) on the server side and pass it as an environment variable. It shouldn't be kept in the appsettings.json file; instead you should override it, e.g. in the Docker container, with a proper environment variable (take a look at our Vault implementation - you could for example set VAULT_TOKEN) when starting the services on the VM or in the cloud.
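The override pattern described in the reply, as an added example that is not code from the video series or its Vault implementation: a constructed appsettings.json that carries the Vault address and auth type but no credential, an environment-variable override (using the `Section__Key` naming that ASP.NET Core's environment provider uses, plus the plain `VAULT_TOKEN` name the Vault CLI reads), and a check that flags credential-looking keys if someone does commit them to the file. The key names `Vault`, `Address`, `AuthType` and `Token`, the `SECRET_KEYS` list and the sample token values are assumptions for illustration; the lookup is case-sensitive here for brevity, unlike the real .NET configuration system.

```python
import json
import os

# Constructed sample appsettings.json (assumed layout, not the project's file):
# the Vault address and auth type are fine to ship, the token is deliberately absent.
APPSETTINGS_JSON = """
{
  "Vault": {
    "Address": "http://127.0.0.1:8200",
    "AuthType": "token"
  },
  "Logging": { "LogLevel": { "Default": "Information" } }
}
"""

# Key names (lower-cased) that should never appear with a value in the config file.
SECRET_KEYS = ("token", "password", "secret")


def load_settings(raw_json, environ):
    """Parse the JSON config and layer environment overrides on top of it.

    Precedence (lowest to highest): appsettings.json, VAULT_TOKEN,
    then Section__Key style variables such as Vault__Token.
    """
    settings = json.loads(raw_json)

    # Plain VAULT_TOKEN, the name the Vault CLI itself honours (assumed mapping).
    if environ.get("VAULT_TOKEN"):
        settings.setdefault("Vault", {})["Token"] = environ["VAULT_TOKEN"]

    # Section__Key variables map onto nested sections, e.g. Vault__Token.
    for name, value in environ.items():
        if "__" not in name:
            continue
        parts = name.split("__")
        node = settings
        for part in parts[:-1]:
            node = node.setdefault(part, {})
        node[parts[-1]] = value
    return settings


def find_secrets_in_file(raw_json):
    """Return dotted paths of credential-looking keys that have a value in the file.

    Run this against the file on disk (or in CI) so a token that was pasted into
    appsettings.json is caught before it is committed or deployed.
    """
    found = []

    def walk(node, path):
        for key, value in node.items():
            current = path + [key]
            if isinstance(value, dict):
                walk(value, current)
            elif key.lower() in SECRET_KEYS and value:
                found.append(".".join(current))

    walk(json.loads(raw_json), [])
    return found


def vault_token(settings):
    """The token the service would hand to Vault, or None if nothing supplied it."""
    return settings.get("Vault", {}).get("Token")


if __name__ == "__main__":
    leaks = find_secrets_in_file(APPSETTINGS_JSON)
    print("secrets found in file:", leaks or "none")
    merged = load_settings(APPSETTINGS_JSON, os.environ)
    print("Vault token present at runtime:", vault_token(merged) is not None)
```

Started as `VAULT_TOKEN=... python app.py` (or with `-e VAULT_TOKEN=...` on `docker run`), the token reaches the process without ever being written next to the code; with no variable set, `vault_token` returns `None` and the service can refuse to start rather than silently run with an empty credential.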