secret management in on premise application

Asked 1/12, 2020 at 14:46 Answered 16/12, 2020 at 15:50

asp.net-core security websecurity asp.net-core-security

The .net core server code I'm working on is going to be hosted both in cloud infrastructure and on premises.

There are many options to handle secret management (connection strings etc...):

Big cloud providers are offering dedicated secret management solutions (AWS KMS, Azure Key Vault, etc..).
Popular orchestrators, offer also their own service (Kubernetes Secrets for example)
In development, we have dedicated secret management tools & process (which are nice)

But how can I store securely secrets on premise hosting? I doubt setting it as a simple variable environment is considered as safe?

Chavey answered 1/12, 2020 at 14:46 Comment(1)

vaultproject.io – Ironwork 6/12, 2020 at 6:35

In the On Prem setup you need to transfer the RISK to the customer who should ensure that the Master Key in this case let's say that you go for Option #3 in which case the access to the Server should be actively controlled , monitored and should be heavily restricted.

So the onus of security is to prevent any un-authorized person from getting a login access to the Server and your configuration stays secured

Kuomintang answered 1/12, 2020 at 19:21 Comment(1)

Yes, but option#3 (VS secret manager) is normaly designed for dev only (as stated by documentation). Furthermore this is not very handy for secret update (compared to options #1 & #2) – Chavey 8/12, 2020 at 15:44

If your on-prem resources have internet access, I would recommend a Key Vault using client certificate authentication and IP restrictions. If you need more security, you can also use VPN.

Mahmoud answered 16/12, 2020 at 15:50 Comment(0)

Recommended topics

Hot tags