在ASP.NET Core中存储生产秘密 [英] Storing production secrets in ASP.NET Core

问题描述

我试图找出在哪里最好地存储ASP.NET Core应用程序的应用程序生产机密.有两个类似的问题我应该在哪里存储连接是我的ASP.NET Core应用程序的生产环境的字符串?和如何将ASP.NET Core UserSecrets部署到生产中两者都建议使用环境变量.

I try to figure out where to best store application production secrets for an ASP.NET Core app. There are two similar questions Where should I store the connection string for the production environment of my ASP.NET Core app? and How to deploy ASP.NET Core UserSecrets to production which both recommend using environment variables.

我的问题是我想使用不同的数据库和不同的数据库凭据来运行Web应用程序的多个实例.因此，应按实例进行一些配置，包括机密信息.

My problem is that I want to run several instances of my web app with different databases and different database credentials. So there should be some per-instance configuration including secrets.

如何以安全的方式实现这一目标?

How could this be achieved in a safe way?

请注意，该应用程序应该能够自我托管，并且可以在IIS下托管！(稍后，如果这个问题很重要，我们还计划在Linux上运行它)

Note that the application should be able to self-host and be hostable under IIS! (Later we also plan to run it on Linux if that is of any importance for the question)

更新

此问题不是有关尝试在生产中使用ASP.NET用户机密的问题！UserSecrets被排除在生产之外.

This question is not about trying to use ASP.NET user secrets in production! UserSecrets are ruled out for production.

推荐答案

如所声明的，用户机密仅用于开发(为了避免意外将凭据提交到SCM中)用于开发，而不用于生产.每个数据库应使用一个连接字符串，即 ConnectionStrings:CmsDatabaseProduction ， ConnectionStrings:CmsDatabaseDevelopment 等.

As they state, user secrets is only for development (to avoid commiting credentials accidentally into the SCM) and not intended for production. You should use one connection string per database, i.e. ConnectionStrings:CmsDatabaseProduction,ConnectionStrings:CmsDatabaseDevelopment, etc.

或使用docker容器(当您不使用Azure App Service时)，则可以基于每个容器进行设置.

Or use docker containers (when you're not using Azure App Service), then you can set it on per container basis.

或者，您也可以使用基于环境的appsetting文件. appsettings.production.json ，但不得将其包含在源代码管理中(Git，CSV，TFS)！

Alternatively you can also use environment based appsetting files. appsettings.production.json, but they must not be included in the source control management (Git, CSV, TFS)!

在启动过程中，只需执行以下操作:

In the startup just do:

    public Startup(IHostingEnvironment env)
    {
        var builder = new ConfigurationBuilder()
            .SetBasePath(env.ContentRootPath)
            .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
            .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
            .AddEnvironmentVariables();
        Configuration = builder.Build();
    }

这样，您可以从 appsettings.production.json 加载特定的内容，并且仍然可以通过环境变量覆盖它.

This way, you can load specific stuff from the appsettings.production.json and can still override it via environment variable.

这篇关于在ASP.NET Core中存储生产秘密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！