• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question ASP.NET Core and User Secrets in Production

P

Paul Hermans

Basic Pleskian
When you develop an application with ASP.NET Core you often need to store secrets (like api keys for example).

Right now it is common practice to put secrets in a configuration file like appsettings.json.

But Microsoft says the following in de docs: Safe storage of app secrets in development in ASP.NET Core

"secrets should be made available in the production environment through a controlled means like environment variables, Azure Key Vault, etc"

Is there any way we can manage these "environment variables" via Plesk?
 
I have just set this up. Here's what I did:
  1. Created my key vault in Azure and put some secrets in it.
  2. Restrict access to the key vault to know IP addresses, assigned access to my local IP and the IP address of the plesk server
  3. Then created a service principal in AAD and created a key.
  4. Then assigned it permissions on the key vault using the following powershell script:
    Login-AzureRmAccount
    Set-AzureRmContext -SubscriptionId "<sub id>"
    Set-AzureRmKeyVaultAccessPolicy -VaultName '<key vault name>' -ServicePrincipalName '<sp id>' -PermissionsToSecrets all -ResourceGroupName '<resource group>'
  5. Finally access the key vault in your code using your service principal app ID and key.
I would have preferred not to access using the service principal key since this has to be present in the code. I couldn't find any secret storage in plesk for storing the key. I tried to do it using a cert since azure key vault allows access using a cert that's associated with the service principal instead of the key however plesk and azure key vault use certs in different formats, azure key vault uses pfx whereas plesk expects crt. One can be converted to the other using open ssl but you would have to include this in your code as well and I didn't want to go that far. But since we are restricting access to known IPs i think this is secure enough but I am open to other suggestions.
 
You must log in or register to reply here.

Similar threads

AboodHamwi
Question Using Azure Key Vault with Plesk
Replies
1
Views
801
Bitpalast
Bitpalast
H
Issue Problem to deploy Next App and Express API as a custom server
Replies
6
Views
5K
silllli
S
W
Issue Configuration to host ASP.NET Core 3.1 website on Plesk (Windows / IIS)
Replies
3
Views
7K
shinichi kudo
S
J
HOW TO SET UP YOUR ONLINE STORE WITH WOOCOMMERCE
Replies
1
Views
6K
alex paul
alex paul
E
Cloud Hosting Platforms – Choose the right one for your business
Replies
0
Views
2K
Elvis Plesky
E
Back
Top