SECRET MANAGER In ASP NET Core | Getting Started With ASP.NET Core Series

Подписаться 33 тыс.

Просмотров 13 тыс.

50% 1

Hey Friends, Most applications that we build these days rely on secrets to perform certain operations. These secrets could include API keys, database credentials, third-party service credentials, etc.
In ASP.NET projects application secrets are often stored within configuration files such as web.config or appsettings.json. However one of the first recommendations of secure coding practices is to Never store passwords or other sensitive data as part of the source code.
So how do you solve this problem of not having sensitive information in your configuration file, but still have a seamless local development experience when developing ASP NET Applications.
🔗Source rahulpnath.vis...
🔗Secret Manager - docs.microsoft...
Additional Watching
📹SPA TEMPLATE - • SINGLE PAGE APPLICATIO...
📹CONFIGURATION - • CONFIGURATION in ASP.N...
📹HTTP CLIENT - • How To Use HTTP CLIENT...
📹OPTIONS PATTERN - • OPTIONS PATTERN in ASP...
📹ASP NET Core Series - • ASP.NET Core
Come say hi! ✋
🌍 Blog - rahulpnath.com/
✉ Subscribe to my Newsletter - www.rahulpnath...
🐦Twitter - / rahulpnath
📸Instagram - / rahulpnath
🎥 Recording Setup and Workflow - www.rahulpnath...
Video Edited by my wife, Parvathy 😍
Make sure to SUBSCRIBE to the channel. THANK YOU for helping me grow this channel !!

Опубликовано:

11 сен 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 62

@onlinemsr 2 года назад

Secret Manager - Very well explained

@RahulNath 2 года назад

Thank you Raja. This article might interest you too www.rahulpnath.com/blog/handling-application-configuration/

@bhavyashah8847 3 года назад

This is so helpful. Thank you Rahul. I learn so many new things from your videos. I will make sure I share your channel with my team members. Cheers!

@RahulNath 3 года назад

Thank ou Bhavya! Happy that these are helpful 😀

@balagurunathanmarimuthu2807 5 месяцев назад

Well explained @Rahul. Keep doing the content like this and stay awesome!

@RahulNath 5 месяцев назад

Thank you Balagurunathan!

@re.tangle 2 года назад

Very concise video, if only every tutorial was like this. Great job, thank you for your work!

@RahulNath 2 года назад

Glad it was helpful! Do check the full series bit.ly/asp-net-core-series

@AndrewBrown-nw9nz 2 года назад

Very well explained -- I wish the official documentation & development books I often consult were as concise as this. Thank you.

@RahulNath 2 года назад

Glad it was helpful Andrew! Do check out the full series in case you haven't already bit.ly/asp-net-core-series. Do let me know your comments in case you get a chance to!

@rainron2664 3 года назад

My idol is back.. thanks a lot master for all of your kind sharing.. God bless you more.. 😊☝️

@RahulNath 3 года назад

Wow! So nice of you Rain. Thank you and glad you are liking it. 😀

@ajaypanse4489 7 месяцев назад

Hi Rahul, Your videos are very helpful to learn the concepts. Good wishes to you. Need to understand, do we need to have separate project of secret manager? Also can we we use same secret manager project to store secrets of multiple applications? Please explain

@panirajn 3 года назад

One more gem of an info you dropped ! thanks

@RahulNath 3 года назад

So I am guessing you like my other videos in this series too 😀 Thank you Paniraj for letting me know

@brianbaldos 2 года назад

Well explained. Thanks a lot!

@RahulNath 2 года назад

Glad it was helpful Brian. Hope you are enjoying the series bit.ly/asp-net-core-series

@tarekjrd75 2 года назад

Hi rahul. Thank you for your efforts. I have a question: " how to specify the secrets in a production environment ? " Like supposing i m gonna launch my server app in a hosting service ? How should i manage my secrets in that env ? Or there is no difference?

@RahulNath 2 года назад

Secrets manager is for local development machine. For your production environment based on the application type there are different approaches. I list them out here in this blog post and an associated video www.rahulpnath.com/blog/handling-application-configuration/ Let me know if that helps you or if you have additional questions.

@sarathbaiju6040 2 года назад

Hi Rahul, is it safe to add this feature to azure function application? When i try to add secret manager file to a existing azure function, it add some other packages moreover, the .csproj file get updated.

@RahulNath 2 года назад

Yes it’s fine to use in local development environments. I show this in my Azure Functions video ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-27OUTVdK2_0.html . There is also an associated DI for Functions video if you are interested. The additional dll is to support integrating the Secret Manager. Let me know if you have additional questions.

@shivamupadhyay6196 2 года назад

Thank You so much, Rahul!

@RahulNath 2 года назад

Glad you liked it Shivam! Do check out the full series if you haven't already bit.ly/asp-net-core-series

@mayureshs80 3 года назад

Thanks ! Can you also make a video for secrets from Azure vault?

@RahulNath 3 года назад

Here it is - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-6l_kpygO0Ic.html You might want to also check my Key Vault Playlist ru-vid.com/group/PL59L9XrzUa-nEwFPxQRu8jV94uM00pN0i Let know if that is what you were after.

@anujadi8366 2 года назад

Great explanation as always sorry i couldn't find the tutorial project linked I just wanted to try out like shown in the video Thank you

@RahulNath 2 года назад

Sorry missed it in the description - Here it is rahulpnath.visualstudio.com/DefaultCollection/RU-vid%20Samples/_git/SecretManager

@akhilm4867 3 года назад

Please do a video about authentication and authorisation including jwt authentication

@RahulNath 3 года назад

Sure Akhil, will do. I am working on it currently. It will be out soon.😀

@MrSachintelalwar 2 года назад

Very well explained. How would this work if I have to use localstack for local development? Would I initialize the DBContext with some condition?

@RahulNath 2 года назад

Thank you Sachin. You can have the connection details to local stack updated in your config file. If the values are publicly available as part of the localstack docs, I would leave that in appsettings.Development.json file, so that your entire dev team has it there by default. Does that answer your question?

@MrSachintelalwar 2 года назад

@@RahulNath Perfect. Yes, it does answer my question. Thank you for the quick response. Appreciate it :)

@RahulNath 2 года назад

@@MrSachintelalwar Great - Thank you!

@MrACody 8 месяцев назад

Can I add condition for production in startup like u added for locl env and use secret manager for production instead of azure valut if I will delooyed in my private servsr

@lavanyaece 2 года назад

how to set up secret. json values on web server when we deploy to the test server?

@RahulNath 2 года назад

You shouldn’t - Secret manager is for use on local development machine. Check out this blog post and associated videos on how to do it on server - www.rahulpnath.com/blog/handling-application-configuration/ Let me know if you have additional questions

@muhammadahsansaifi5182 Год назад

Hello Raul Good work can you share the source code of whole series thank you

@RahulNath Год назад

Thank you - Source code links are in the description for each video. Let me know in case I missed for any.

@mahesh_rcb 3 года назад

Is is possible to set connection string as user secret from command line when publishing .net core app .. For development one connection string For production one connection string. And how to get that CLI of yours it's cool btw 😀

@RahulNath 3 года назад

For terminal I use the Windows Terminal. More details here www.rahulpnath.com/blog/setting-up-windows-terminal/ Not sure if I understand the first question Mahesh. Can you provide some more details? I did a more recent video on different ways you can set environment specific configuration values. Do check out if that answers your question ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-wTSu2aCoR7Y.html

@mahesh_rcb 3 года назад

@@RahulNath The new link is more clear now Thanks 👍🏻. Looking forward to more .net content 😀

@RahulNath 3 года назад

@@mahesh_rcb Nice 👍

@nathanpowell4256 2 года назад

Thanks for the great explanation. The official documentation and videos from Microsoft that try explain these concepts are absolute garbage compared to your video.

@RahulNath 2 года назад

Glad this was helpful Nathan. I got most of the content for this video from the official documentation, but put in my on touch of organizing it differently. Extremely happy to hear that it helped. Do checkout the full series here bit.ly/asp-net-core-series. I am sure you will like it. Do let me know in case you get to watch any of them.

@nathanpowell4256 2 года назад

@@RahulNath Thanks for the link. I'll be sure to check them out.

@mersy4405 2 года назад

Hi Rahul, I have a question that hope you can reply me, I'm following your video and its works on local but when I deploy it to production mode it got an error "Amazon.Runtime.AmazonServiceException: Unable to get IAM security credentials from EC2 Instance Metadata Service.". So how can I get a credential for my production mode? Tks for your time

@RahulNath 2 года назад

For production you should not be using Secret Manager. Looks like you are using AWS, this post and associated video should help www.rahulpnath.com/blog/amazon-credentials-dotnet/ Please let me know if that helps or if you have additional questions.

@MarioLopez-eu8tj 3 года назад

Do you have a similar example regarding how to implement for production environment using the service keyword ?

@RahulNath 3 года назад

Sorry did not understand your question Mario. Can you give me some more details. In prod I would use something like Key Vault . You can check out the associated blog post and article here www.rahulpnath.com/blog/connect-net-core-to-azure-key-vault-in-ten-minutes/ Let know if that is what you are looking for or if you have additional questions.

@MarioLopez-eu8tj 3 года назад

@@RahulNath I meant key vault but i don't know if i can apply it to other project that aren't web type or if there are another alternatives rather than key vault to use.

@RahulNath 3 года назад

@@MarioLopez-eu8tj Sorry for the late reply. Yes you can use KeyVault from any .net application. It is not specific to web project. Let know if you are running into any specific issues and happy to help.

@angeldimitrov1353 2 года назад

@@RahulNath Any insight on how secrets could be managed for sensitive applications running in network-restricted environments, that may not be able to use services like Azure KeyVault? .NET Framework .config files could be configured to have sections that were encrypted with the RSA private key of the machine that was running the application, then .NET would figure out the decryption when the runtime would hit code that needed to access the configuration values. Any idea if .NET Core has an equivalent functionality?

@seegreen6484 2 года назад

Why aren't you using visual studio 😭

@RahulNath 2 года назад

Rider has functionality that enables to easily navigate into framework methods which I often use in these videos. Also I sometimes switch to visual studio (like at 9:03 in this video). Anything in particular you are finding it hard to follow when I use Rider?

@seegreen6484 2 года назад

@@RahulNath No lol I'm just stubborn and like Visual Studio because it's free. Ryders from the same creators of clion/intellij right?

@RahulNath 2 года назад

@@seegreen6484 Haha yeah - I started using Rider because I got a free license as part of Microsoft MVP program. But liking it now 😀