Reputation: 83
How to store AWS Access Key and Secret Key in .Net Core API Securely
How in a work environment with different AWS environments say for example develop, staging and production is it best to store the AWS Access Key and Secret Key other than in the appsettings.json files in .Net Core? I know there is Secret Manager but not sure if that is the best way to store these two values. Looking for someone that may have done this specifically for production and how they handled this within their organization. Thanks for any information.
Upvotes: 1
Views: 2153
Answers (2)
Reputation: 78563
I believe that your application is running outside of AWS and that it needs to make API calls to AWS services, for example SQS. To make those API calls, your application needs AWS credentials.
Here are approaches for authenticating external applications in a machine-to-machine scenario. In your case, your client seems to need to be able to make arbitrary AWS service requests and that means using AWS signature v4 requests, signed using AWS credentials, which are ideally temporary, rotated credentials from STS rather than persistent credentials (such as IAM user credentials).
Typically, you would configure your application with a base set of IAM credentials that allow the application to assume an IAM role. That role itself, rather than the base credentials, would then give your application the permissions it needs to make SQS API calls etc.
The issue you face is how to securely store the base set of credentials. This is a problem that on-premise applications have had since day one, well before the cloud era, and there are various solutions, depending on the technology you're using.
Typically these credentials would be encrypted, not committed to code repos, and populated on the relevant, locked down application servers in some secure fashion. Some potentially useful resources:
- Encrypting sections of a configuration file for an ASP.NET application
- Use AWS Secrets Manager to store & read passwords in .Net Core apps
- Securely store and retrieve sensitive info in .NET Core apps with Azure Key Vault
Upvotes: 2
Reputation: 110
AWS Secret Manager securely stores your secrets until you retrieve them at runtime. If your going to be running your ASP.NET Core app in AWS, then AWS Secrets Manager is a great option, as it allows you to finely control the permissions associated with the AWS IAM roles running your apps.
Here are some faqs which were given from the AWS for secrets-manager service and which will clear your doubts also.
Here is the article which you can refer to for implementing secure secrets storage for .net core with AWS Secret Manager
Upvotes: 1
Related Questions
- How do I store and access my third party API keys with AWS
- How to protect aws secret access key
- Retrieving secrets from AWS with C# without storing access credentials in code base
- best practices for storing API access keys in asp.NET MVC
- How to store my key for encryption on aws?
- Best practice for storing external API secrets in server using AWS?
- .Net Core Store Private keys in AWS
- How to store AWS access keys in production (and use them in my code)?
- Where is the most secured place to store Amazon AWS Id and secret key?
- Keeping a secret key secret with Amazon Web Services