
Question ASP.NET Core and User Secrets in Production

Paul Hermans

Basic Pleskian
When you develop an application with ASP.NET Core you often need to store secrets (like API keys, for example).

Right now it is common practice to put secrets in a configuration file like appsettings.json.

But Microsoft says the following in the docs: Safe storage of app secrets in development in ASP.NET Core

"secrets should be made available in the production environment through a controlled means like environment variables, Azure Key Vault, etc"

Is there any way we can manage these "environment variables" via Plesk?
 
I have just set this up. Here's what I did:
  1. Created my key vault in Azure and put some secrets in it.
  2. Restricted access to the key vault to known IP addresses, and assigned access to my local IP and the IP address of the Plesk server.
  3. Then created a service principal in AAD and created a key.
  4. Then assigned it permissions on the key vault using the following PowerShell script:
    Login-AzureRmAccount
    Set-AzureRmContext -SubscriptionId "<sub id>"
    Set-AzureRmKeyVaultAccessPolicy -VaultName '<key vault name>' -ServicePrincipalName '<sp id>' -PermissionsToSecrets all -ResourceGroupName '<resource group>'
  5. Finally access the key vault in your code using your service principal app ID and key.
I would have preferred not to access using the service principal key, since this has to be present in the code. I couldn't find any secret storage in Plesk for storing the key. I tried to do it using a cert, since Azure Key Vault allows access using a cert that's associated with the service principal instead of the key; however, Plesk and Azure Key Vault use certs in different formats: Azure Key Vault uses pfx whereas Plesk expects crt. One can be converted to the other using OpenSSL, but you would have to include this in your code as well and I didn't want to go that far. But since we are restricting access to known IPs, I think this is secure enough, but I am open to other suggestions.
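Added example, not part of the original posts: one way to do step 5 without the service principal key appearing in code or appsettings.json is to read it from environment variables, as the quoted Microsoft guidance suggests. The variable name `KEYVAULT_URI` and the secret name `ExternalApi--ApiKey` are assumptions made for this sketch; how the variables get set for the site's process on a Plesk server is not covered here.

```csharp
// Program.cs (ASP.NET Core minimal hosting). Illustrative example only.
// NuGet packages: Azure.Identity,
//                 Azure.Extensions.AspNetCore.Configuration.Secrets
using Azure.Identity;

var builder = WebApplication.CreateBuilder(args);

// Read a required environment variable and fail at startup if it is absent,
// so a misconfigured server never runs with missing credentials.
string Require(string name) =>
    Environment.GetEnvironmentVariable(name) is { Length: > 0 } value
        ? value
        : throw new InvalidOperationException(
            $"Environment variable {name} is not set.");

if (!builder.Environment.IsDevelopment())
{
    // KEYVAULT_URI is a name assumed for this example, e.g.
    // https://<key vault name>.vault.azure.net/
    var vaultUri = new Uri(Require("KEYVAULT_URI"));

    // Service principal from steps 3 and 4. These three names are the ones
    // Azure.Identity's EnvironmentCredential also reads.
    var credential = new ClientSecretCredential(
        Require("AZURE_TENANT_ID"),
        Require("AZURE_CLIENT_ID"),
        Require("AZURE_CLIENT_SECRET"));

    // Loads the vault's secrets into IConfiguration. The provider only needs
    // the "get" and "list" secret permissions on the vault.
    builder.Configuration.AddAzureKeyVault(vaultUri, credential);
}

// A vault secret named "ExternalApi--ApiKey" (hypothetical) surfaces as the
// configuration key "ExternalApi:ApiKey"; "--" maps to the ":" delimiter.
if (string.IsNullOrEmpty(builder.Configuration["ExternalApi:ApiKey"]))
{
    throw new InvalidOperationException("ExternalApi:ApiKey is not configured.");
}

var app = builder.Build();
app.MapGet("/", () => "Secrets loaded from configuration.");
app.Run();
```

In Development the same `ExternalApi:ApiKey` key can come from the user-secrets store, so the rest of the application reads configuration the same way in both environments.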
 