7 Storing secrets

 

This chapter covers

  • Exploring different kinds of encryption
  • Securely storing configuration settings
  • Using the Secret Manager to store data
  • Using secure cloud storage options
  • Protecting data stored locally by a Blazor app

In 2020, it was discovered that a piece of software by IT company SolarWinds contained a back door that was abused by attackers. Part of the attack involved downloading a malicious software update. The password for the FTP server containing those updates was “solarwinds123” (at least, at some point in 2019). Famously, the CEO blamed it on “an intern.”

A security researcher found this password in a public GitHub repository belonging to the company (see http://mng.bz/1oBj for background information on the attack and its aftermath). We will discuss secure passwords in the next chapter; this chapter focuses on better ways to store secrets, such as passwords, within an application. There does not seem to be an obvious, simple solution for this task, as numerous examples prove:

7.1 On encryption

7.2 Secret Manager

7.3 The appsettings.json file

7.4 Storing secrets in the cloud

7.4.1 Storing secrets in Azure

7.4.2 Storing secrets in AWS

7.4.3 Storing secrets in Google Cloud

7.5 Using the data protection API

7.6 Storing secrets locally with Blazor

Summary