I'm trying to load a p12 certificate file with a password, and I wanted to know what the best practice is for storing and using the password in a production environment.
The code being used is:
    ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
    var handler = new WebRequestHandler();
    var certificate = new X509Certificate2Collection();
    certificate.Import(@"D:\certificate.p12", "password", X509KeyStorageFlags.DefaultKeySet);
    handler.ClientCertificates.AddRange(certificate);
    handler.ServerCertificateValidationCallback = ValidateServerCertificate;
    var client = new HttpClient(handler)
    {
        BaseAddress = new Uri(chargeCodeServer)
    };
The password being used is in the following line:
    certificate.Import(@"D:\certificate.p12", "password", X509KeyStorageFlags.DefaultKeySet);
We deploy using TeamCity, Octopus and PowerShell scripts. Please let me know if anything else is needed.
Octopus Deploy allows you to store "sensitive" variables. When you use the sensitive flag, it doesn't display the value in the Octopus UI or in the Octopus log files.
All of your Octopus variables are available within any PowerShell deployment tasks.
The variables are protected with your Octopus master key, so I would say this is a reasonable place to keep this kind of information - especially as Octopus is super-good at allowing you to use (for example) a different certificate on each environment, with different credentials.
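One way to use a sensitive Octopus variable from a PowerShell deployment step, as an added example that is not part of the original question or answer: the step reads the p12 password from Octopus and imports the certificate into the Windows certificate store, which goes beyond the answer in that the password then never has to appear in the application's source or configuration. The variable names `ClientCert.Path`, `ClientCert.Password` and `ClientCert.Thumbprint` are assumptions, as is a Tentacle account that is allowed to write to `Cert:\LocalMachine\My`.

```powershell
# Added example: Octopus Deploy PowerShell step (not from the original post).
# Assumed Octopus variables, scoped per environment:
#   ClientCert.Path      path to the .p12 file on the target machine
#   ClientCert.Password  the p12 password, marked "Sensitive" in Octopus
$ErrorActionPreference = 'Stop'

$pfxPath  = $OctopusParameters['ClientCert.Path']
$password = $OctopusParameters['ClientCert.Password']

# Fail the deployment early if the variable is not scoped to this environment.
if ([string]::IsNullOrEmpty($password)) {
    throw 'ClientCert.Password is not defined for this environment.'
}
if ([string]::IsNullOrEmpty($pfxPath) -or -not (Test-Path -LiteralPath $pfxPath)) {
    throw "Certificate file not found: $pfxPath"
}

$secure = ConvertTo-SecureString -String $password -AsPlainText -Force
try {
    # -Exportable is deliberately omitted, so the private key is stored
    # as non-exportable in the machine store.
    $cert = Import-PfxCertificate -FilePath $pfxPath `
                                  -CertStoreLocation 'Cert:\LocalMachine\My' `
                                  -Password $secure
}
finally {
    # Drop the in-memory copies of the password as soon as the import is done.
    $secure.Dispose()
    Remove-Variable -Name password -ErrorAction SilentlyContinue
}

# Hand the thumbprint (not a secret) to later steps, e.g. a config transform.
Set-OctopusVariable -name 'ClientCert.Thumbprint' -value $cert.Thumbprint

# Only non-sensitive details are written to the deployment log.
Write-Host "Imported client certificate $($cert.Thumbprint), expires $($cert.NotAfter)"
```

With the certificate in the store, the application can look it up by thumbprint through `X509Store` instead of calling `Import` with a password. The account the application runs as still needs read access to the certificate's private key.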