C# .NET Core SQL Server Connectivity

Question

Within my startup, I load a set of database connection strings from the appsettings.json file. The connection strings look as follows

"CoreConnectionString": "Server=localhost; Database=DBCore; Uid=someUserName; Pwd=somePW", "IdentityConnectionString": "Server=localhost; Database=DBAuth; Uid=someUserName; Pwd=somePW"

What is the best way to encrypt this information so I don't show the actual user name and password?

Answer 1

Here's two suggestions to not expose your DB Password and Conn Strings:

1. Use a secret file in your computer, apart from your Solution. In Visual Studio 2022 you can do it by clicking your project. Just throw your connections strings there like in AppSettings.json.

• Pro: Easy to use
• Con: You can't deply it with your project or store it at github

2. Use Azure Key Valut to store all connection strings. Read this doc from Microsoft if it's your way to go.

• Pro: No need for local files. Cloud stored Keys.
• Con: Need a bot more configuration in your project and an Azure account.