ASP.NET Core 中的加密配置 [英] Encrypted configuration in ASP.NET Core

问题描述

随着 web.config 的消失，在使用 ASP.NET Core 构建的 Web 应用程序的配置中存储敏感信息(密码、令牌)的首选方式是什么?

With web.config going away, what is the preferred way to store sensitive info (passwords, tokens) in the configurations of a web app built using ASP.NET Core?

有没有办法在 appsettings.json 中自动获取加密的配置部分?

Is there a way to automatically get encrypted configuration sections in appsettings.json?

推荐答案

用户机密看起来是一个很好的解决方案，用于存储密码以及通常的应用程序机密，至少在开发过程中是这样.

User secrets looks like a good solution for storing passwords, and, generally, application secrets, at least during development.

查看微软官方文档.您还可以查看this 其他问题.

Check the official Microsoft documentation. You can also review this other SO question.

这只是隐藏"的一种方式您在开发过程中的秘密，并避免将它们泄露到源代码树中；Secret Manager 工具不对存储的机密进行加密，不应将其视为受信任的存储.

This is just a way to "hide" your secrets during development process and to avoid disclosing them into the source tree; the Secret Manager tool does not encrypt the stored secrets and should not be treated as a trusted store.

如果您想将加密的 appsettings.json 用于生产，您可以通过构建一个 自定义配置提供程序.

If you want to bring an encrypted appsettings.json to production, you can do so by building a custom configuration provider.

例如:

public class CustomConfigProvider : ConfigurationProvider, IConfigurationSource
{
    public CustomConfigProvider()
    {
    }

    public override void Load()
    {
        Data = UnencryptMyConfiguration();
    }

    private IDictionary<string, string> UnencryptMyConfiguration()
    {
        // do whatever you need to do here, for example load the file and unencrypt key by key
        //Like:
       var configValues = new Dictionary<string, string>
       {
            {"key1", "unencryptedValue1"},
            {"key2", "unencryptedValue2"}
       };
       return configValues;
    }

    private IDictionary<string, string> CreateAndSaveDefaultValues(IDictionary<string, string> defaultDictionary)
    {
        var configValues = new Dictionary<string, string>
        {
            {"key1", "encryptedValue1"},
            {"key2", "encryptedValue2"}
        };
        return configValues;                
    }

    public IConfigurationProvider Build(IConfigurationBuilder builder)
    {
       return new CustomConfigProvider();
    }
}

为你的扩展方法定义一个静态类:

Define a static class for your extension method:

public static class CustomConfigProviderExtensions
{              
        public static IConfigurationBuilder AddEncryptedProvider(this IConfigurationBuilder builder)
        {
            return builder.Add(new CustomConfigProvider());
        }
}

然后你就可以激活它了:

And then you can activate it:

// Set up configuration sources.
var builder = new ConfigurationBuilder()
    .AddJsonFile("appsettings.json")
    .AddEncryptedProvider()
    .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);

这篇关于ASP.NET Core 中的加密配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！