curiouswebster
asked on
SOAP Web service: Is App.config a safe place for a security key?
Is it safe? Are there any alternatives besides doing a DB lookup?
How about generating it in the source code?
How else can you protect a
Thanks.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
agree with expert on the "Encrypt".
Also store those secret in environment variables or in files outside of the application's source tree. Better still, use a secrets management service, which protects and manages an application's API keys.
https://learn.microsoft.com/en-us/aspnet/identity/overview/features-api/best-practices-for-deploying-passwords-and-other-sensitive-data-to-aspnet-and-azure