As a .NET developer, you have to make the right choices to keep your development environments secure. There is no room for compromise in identity protection and access management, so you need to pick the right security tools. That choice isn’t always easy.
Configuring new apps requires providing access to data that is generally non-confidential, but some of it must be kept secret. This could include,
- API keys,
- database credentials,
- encryption keys,
- certificates for authentication,
- sensitive configuration settings (email address, usernames, debug flags, etc.),
- passwords.
Managing and protecting access to the above can be daunting because of missing integrations, limited visibility, or secret sprawl. Is there an answer to all of these problems? Yes - it’s called Google Secret Manager.
What is Google Secret Manager?
Google describes the Secret Manager as “a secure and convenient storage system for API keys, passwords, certificates, and other sensitive data. Secret Manager provides a central place and single source of truth to manage access and audit secrets across Google Cloud.”
It allows you to store secrets as binary blobs or text strings, and only users with the appropriate permissions can view them. The secrets are stored in a JSON file on your local computer, preventing unwarranted or accidental check-ins to source control.
Why not store it in source control?
ASP.NET Core gives you the option to specify configuration settings depending on the environment, allowing you to configure your production environment directly in the appSettings.Production.json file.
This is a good option for certain types of configuration. Still, this file will be checked into source control, so everyone with access to it can see the database credentials, third-party system credentials, and any other sensitive information you store in the file. Do you trust all the developers on your team? If you do - great, but bear in mind that developers’ computers can be compromised as well.
Besides, storing information in a private repository on GitHub doesn’t mean your data is well protected. Buffer, the social media scheduling company, learned this the hard way. First, hackers stole an employee’s password and extracted access tokens from one of Buffer’s databases; they then obtained the Twitter OAuth consumer key and consumer secret and posted spam to users’ social media accounts - you can read about the saga here.
I believe this should suffice as a warning. See how you can better secure your apps in the next section.
Securing apps with GCP Secret Manager
There is nothing trivial about storing sensitive configuration data appropriately. Managing and accessing secrets in Google Cloud may not have been easy before, but since Secret Manager was released, you can do it like a pro.
For a detailed guide on configuring and using Secret Manager to store sensitive app data in a .NET Core application, refer to this article by Tomasz Jarzyński. This tool serves as the central place for managing, accessing, and auditing secrets across your Google Cloud infrastructure. Here are the most important features it offers,
- Global names and replication: secrets are project-global resources, but you also have the option to store them regionally.
- First-class versioning: secrets can be versioned, and each version can protect different data. There is no limit on the number of versions.
- Principle of least privilege: secrets are created at the project level, and only the owners can access them. Other individuals must be granted permissions through Cloud IAM.
- Audit logging: when enabled, audit logging generates an entry for every interaction, which you can then monitor for abnormal patterns or possible security breaches.
- Strong encryption guarantees: TLS in transit and AES-256 encryption at rest. There is no need to modify the way you access the service and no visible performance impact - data is automatically decrypted when accessed by the owner.
- VPC Service Controls: protects the API and enables context-aware access to Secret Manager from hybrid environments.
- Integration with KMS
Note that you must first enable the Secret Manager API before using Secret Manager - otherwise, you’ll get an error. Remember to configure the tool properly and store secrets outside source control to give your apps maximum protection.
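As an added example (not code from the original post or from the linked article), here is how an ASP.NET Core app can pull secrets from Secret Manager at startup instead of reading them from a checked-in appSettings.Production.json. It assumes the Google.Cloud.SecretManager.V1 NuGet package, a project id supplied through the GOOGLE_CLOUD_PROJECT environment variable, and that the app's identity has been granted the Secret Accessor role through Cloud IAM; the secret names in the map are constructed placeholders.

```csharp
// Added example; assumes the Google.Cloud.SecretManager.V1 package.
using System;
using System.Collections.Generic;
using Google.Cloud.SecretManager.V1;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);

// The project id comes from the environment, never from a file in source control.
var projectId = Environment.GetEnvironmentVariable("GOOGLE_CLOUD_PROJECT")
    ?? throw new InvalidOperationException("GOOGLE_CLOUD_PROJECT is not set");

// Only production reads from Secret Manager; development keeps using local config.
if (builder.Environment.IsProduction())
    SecretManagerConfig.AddSecrets(builder, projectId);

var app = builder.Build();
app.Run();

public static class SecretManagerConfig
{
    // Reads one secret version and returns its payload as a UTF-8 string.
    // Pin a numeric version in production: "latest" is convenient, but a rotation
    // then silently changes what the app reads on its next start.
    public static string ReadSecret(string projectId, string secretId, string version = "latest")
    {
        var client = SecretManagerServiceClient.Create();
        var name = SecretVersionName.FromProjectSecretSecretVersion(projectId, secretId, version);
        AccessSecretVersionResponse response = client.AccessSecretVersion(name);
        return response.Payload.Data.ToStringUtf8();
    }

    // Loads secrets into IConfiguration under the same keys the app already uses,
    // so code that reads e.g. "ConnectionStrings:Default" needs no changes.
    public static void AddSecrets(WebApplicationBuilder builder, string projectId)
    {
        // Configuration key -> Secret Manager secret id (hypothetical names).
        var map = new Dictionary<string, string>
        {
            ["ConnectionStrings:Default"] = "db-connection-string",
            ["Twitter:ConsumerSecret"] = "twitter-consumer-secret",
        };
        var values = new Dictionary<string, string?>();
        foreach (var (configKey, secretId) in map)
            values[configKey] = ReadSecret(projectId, secretId);
        builder.Configuration.AddInMemoryCollection(values);
    }
}
```

Each AccessSecretVersion call is what the audit log records, so reading secrets once at startup also keeps the log easy to review for unexpected access.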