我遵循在开发过程中安全存储应用机密在开发期间指导 asp.net 文档,但它没有描述在发布到另一台机器进行 QA、生产等时如何使用它.我认为它会在发布期间将它们插入 appsettings.json 但确实如此不是.我最终不得不将我的 SendGrid 密钥和其他敏感信息直接放入 appsettings.json 中,这确实违背了应用机密的目的.
使用应用程序机密是最好的方法,还是有其他方法可以在我的配置中存储 API 密钥和 SQL 用户/密码?
不要在生产环境中使用应用机密.曾经.正如文章所说,在开发过程中.
如何在生产环境中发布机密取决于您的生产环境.Linux、Windows 和 Azure 都支持环境变量——这就是你的秘密应该去的地方,使用你的托管服务提供商给你的任何 UI.
应用程序设置文档对此进行了更详细的说明p>
I followed the Safe storage of app secrets during development guide over on the asp.net docs during development but it does not describe how to use it when publishing to another machine for QA, Production, etc. What I figured it would do was insert them into the appsettings.json during publish but it does not. I ended up having to place my SendGrid keys and other sensitive information directly into the appsettings.json which really defeats the purpose of the app secrets.
Is using app secrets the best way or is there another way to store API keys and SQL user/passwords in my configs?
Don't use app secrets in production. Ever. As the article says DURING DEVELOPMENT.
How you publish secrets in production is up to your production environment. Linux, Windows and Azure all support environment variables - that's where your secrets should go, using whatever UI your hosting provider gives you.
The app settings documentation goes into this in greater detail
这篇关于如何将 ASP.NET Core UserSecrets 部署到生产环境的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!