I come from this post that explains how AWS SM SDK gets the credentials from your WEB API calls by implementing such methods:
IAmazonSecretsManager client = new AmazonSecretsManagerClient(
RegionEndpoint.GetBySystemName(region));
GetSecretValueRequest request = new GetSecretValueRequest();
request.SecretId = "MySecretNameExample";
GetSecretValueResponse response = null;
response = client.GetSecretValue(request);
However a couple questions were left unanswered which are very important to me:
The answers said that when it comes to the AmazonSecretManagerClient class, the documentation says: Constructs AmazonSecretsManagerClient with the credentials loaded from the application's default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
application configurations, in the case of .NET 8 do they mean credentials stored in the app settings.json file ?I've read in the documentation ( which I really think I can't understand whatsoever ) that there "should" ( maybe ) be environment variables set somewhere on your system and/or your code, which to me sounds like plain text credentials and therefore a no go.
I'm asking all of this because I'm very new to adding such 3rd party services to my code and this time I want my WEB API to run on GitHub Pages and therefore I will have to have my repository be public, which no info can be found anywhere in the source code.
Also I have such a hard time wrapping my head around being able to access such delicate data without having to provide credentials that have to be found in the code somehow "written" in the source code in order for the app to be able to communicate with the service.
In the AWS SDK for .NET, credentials are selected in a specific order. You can find it in the AWS SDK for .NET Developer Guide: https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/creds-assign.html
Does that mean that AWS will spin off an EC2 instance on your behalf...?
No. If your .NET code is running on an EC2 instance, and no other credentials are available in the 7 previous steps to resolve credentials (see link above), then the AWS SDK will grab your instance's profile credentials.
And when they say the application configurations, in the case of .NET 8 do they mean credentials stored in the app settings.json file?
You can set your AWS profile in your appsettings.json, and then authenticate with the AWS CLI so your code uses credentials setup in environment variables automatically:
Having AWS credentials dynamically set as environment variables on a local environment is fine from a security perspective.
This seems to be only about local development, how does that translate to a production environment?
Normally, you'd take a "batteries-included" approach in production: Let your code running in AWS grab the default instance credentials tied to the IAM role for the instance (whether its an EC2 instance role, or an AWS Lambda execution role), and let it attempt to access AWS resources that way. You'd have to make sure your instance has the right policies set for the role.
I'm asking all of this because I'm very new to adding such 3rd party services to my code and this time I want my WEB API to run on GitHub Pages and therefore I will have to have my repository be public, which no info can be found anywhere in the source code.
GitHub Pages will not able to host your web application - it just hosts files meant to be presented in your web browser. If you want to run a server-side REST API, you need something that will run .NET code in the cloud for you. Some resources to get started: