AddEncryptedJsonConfig: Adds a configuration provider that decrypts certain keys of a given JSON configuration file.AddEncryptedAppSettings: Adds a configuration provider that decrypts certain keys of the appsettings.json file.There are two extension methods that can be used to integrate encrypted configuration files. NET Core applications, DevAttic ConfigCrypter provides convenient extension methods to register the needed configuration providers. To use your encrypted configuration file in your. Install the nuget package DevAttic.ConfigCrypter format (Default: Json) The format of the config file. r, -replace (Default: false) Replaces the original file if passed as parameter.
Fly crypter windows#
This can only be used in Windows environments. n, -name (Group: CertLocation) The subject name of the certificate (CN). p, -path (Group: CertLocation) Path of the certificate. The following command line arguments can be passed for the encrypt and decrypt command. To decrypt the file again you can simply execute:Ĭonfig-crypter decrypt -p c:\path\to\cert.pfx -f c:\path\to\config_encrypted.json -k "Nested.KeyToEncrypt" Command line arguments If you want to prevent the creation of a new file you can simply pass -replace (-r) as additional paramter to the command and the original file will be replaced. This file is now the same as the original one except for the fact that the value for the passed key has been encrypted. To encrypt our key from above we simple execute:Ĭonfig-crypter encrypt -p c:\path\to\cert.pfx -f c:\path\to\config.json -k "Nested.KeyToEncrypt".Īfter that a new files named config_encrypted.json should be created at the same folder as your original config file. After that you can use it with the command config-crypter from your command line.
Fly crypter install#
To install the crypter command line utility just execute dotnet tool install -g. Altough JSONPath usually needs a $ to define the root of the object you can leave it out here. How the key is interprated and what kind of syntax is used to define your key is up to the IConfigCrypter implementation.Ĭurrently only JSON is supported and the JsonConfigCrypter is using the JSONPath Syntax to define your keys ( Link). Notice the separation of the keys with a dot. We want to encrypt the value with the key Nested.KeyToEncrypt. "KeyToEncrypt": "This will be encrypted " Lets assume we have a JSON file that looks like this: If you now have your certificate you need to decide what keys you want to encrypt. pfx format containing a public and private key. In fact you can follow every guide as long as the result is a certificate in. An easy way to do this is being described in this guide: Link To use DevAttic ConfigCrypter you will first need to create a self signed X509 certificate that is being used for the encryption and decryption.
Fly crypter code#
Protect your certificate with a password that is embedded in your source code (currently not supported, but could be easily implemented).Īlso these methods would not be perfectly safe.Storing your certficate in the windows certificate store (supported by ConfigCrypter) and restricting access to it.This means an attacker could decrypt your config if your server is not secure and the attacker gains access.Īdditional security could be achieved by: Usually the certificate to decrypt is hosted on the same server as your web application. WARNINGĮncrypted configuration files will not make your server infrastructure unhackable. A command line utility that lets you encrypt keys in your JSON configuration files and a library that decrypts them on the fly in your. The DevAttic ConfigCrypter makes it easy for you to encrypt and decrypt config files.
0 kommentar(er)
