Integrate OCORE/OCORE_web-based secret management using Azure Key Vault and DPAPI cache. Update appsettings.json to remove plaintext secrets and list managed keys. Register secret management in Program.cs. Update .gitignore for secret files. Add documentation for naming conventions and migration, plus a PowerShell script for initial secret upload. Centralizes and secures secret handling across the app.
+24
-8
@@ -1,4 +1,20 @@
|
||||
{
|
||||
"SecretManagement": {
|
||||
"VaultUri": "https://pcwkeys.vault.azure.net/",
|
||||
"AppName": "fuchs",
|
||||
"CacheFilePath": "secrets.cache",
|
||||
"SyncIntervalHours": 6,
|
||||
"ManagedSecretKeys": [
|
||||
"ConnectionStrings--ocms-ConnectionString",
|
||||
"ConnectionStrings--fuchs-fds-ConnectionString",
|
||||
"Fuchs--SMS-APIKey",
|
||||
"Fuchs--Email--Main--password",
|
||||
"Fuchs--Email--Fds--password",
|
||||
"Fuchs--Email--Service--password",
|
||||
"Fuchs--fuchs-captcha-TOTP",
|
||||
"Fuchs--fuchs-intranet-TOTP"
|
||||
]
|
||||
},
|
||||
"Logging": {
|
||||
"LogLevel": {
|
||||
"Default": "Information",
|
||||
@@ -7,8 +23,8 @@
|
||||
},
|
||||
"AllowedHosts": "*",
|
||||
"ConnectionStrings": {
|
||||
"ocms_ConnectionString": "Data Source=MSSQL4.NBG4.DOMAINXYZ.DE,10439;Initial Catalog=site_fuchs_dev;Persist Security Info=False;TrustServerCertificate=true;Encrypt=true;User ID=fuchs_web;password='Bt5pL/cJg9oxb5';Connect Timeout=60;Load Balance Timeout=240;Max Pool Size=500;",
|
||||
"fuchs_fds_ConnectionString": "Data Source=MSSQL4.NBG4.DOMAINXYZ.DE,10439;Initial Catalog=site_fuchs_dev;Persist Security Info=False;TrustServerCertificate=true;Encrypt=true;User ID=fuchs_dev;password='!Po@cGZ5bUn37khO';Connect Timeout=60;Load Balance Timeout=240;Max Pool Size=500;"
|
||||
"ocms_ConnectionString": "MANAGED_BY_KEYVAULT",
|
||||
"fuchs_fds_ConnectionString": "MANAGED_BY_KEYVAULT"
|
||||
},
|
||||
"Fuchs": {
|
||||
"ocms_guid": "00094b8f-a822-4e9c-b627-87802f93fca8",
|
||||
@@ -16,9 +32,9 @@
|
||||
"ocms_default_locale": "de",
|
||||
"fuchs_guid": "cbfc57b3-6b85-4bbc-ab68-3b2c7408af5e",
|
||||
"fuchs_intranet_guid": "cbfc57b3-6b85-4bbc-ab68-3b2c7408af5e",
|
||||
"fuchs_captcha_TOTP": "4OXKGB3KS3VZNIUTTQLHECRUVN7ZDEFGSXYVU56D7UCKQZK7VHK7ZN",
|
||||
"fuchs_intranet_TOTP": "ZNQIUF4KC5XSL2ZXK6VQIZYG74SAMW7FDAGT7ZOVYFJCXBJ47RQW3O",
|
||||
"SMS_APIKey": "VLbm04ILlDby4EHjqolI9L95bAnfsipJcli0uvppMBHVq0BI1YR2gvpbKJRWDINu",
|
||||
"fuchs_captcha_TOTP": "MANAGED_BY_KEYVAULT",
|
||||
"fuchs_intranet_TOTP": "MANAGED_BY_KEYVAULT",
|
||||
"SMS_APIKey": "MANAGED_BY_KEYVAULT",
|
||||
"Email": {
|
||||
"Main": {
|
||||
"alias": "Sebastian Fuchs - Bad und Heizung",
|
||||
@@ -29,7 +45,7 @@
|
||||
"port": 587,
|
||||
"security": "StartTls",
|
||||
"username": "anfrage@sanitaerfuchs.de",
|
||||
"password": "DsCG8wxc4!Cu9"
|
||||
"password": "MANAGED_BY_KEYVAULT"
|
||||
},
|
||||
"Fds": {
|
||||
"alias": "Sebastian Fuchs - Bad und Heizung",
|
||||
@@ -40,7 +56,7 @@
|
||||
"port": 587,
|
||||
"security": "StartTls",
|
||||
"username": "rechnungen@sanitaerfuchs.de",
|
||||
"password": "8M9#s7TVg6b"
|
||||
"password": "MANAGED_BY_KEYVAULT"
|
||||
},
|
||||
"Service": {
|
||||
"alias": "ProcessWeb Service",
|
||||
@@ -51,7 +67,7 @@
|
||||
"port": 587,
|
||||
"security": "StartTls",
|
||||
"username": "service@emails.processweb.de",
|
||||
"password": "Uk84za4Qzba4ij"
|
||||
"password": "MANAGED_BY_KEYVAULT"
|
||||
},
|
||||
"TestAddresses": "st.ott@web.de,info@processweb.de"
|
||||
}
|
||||
|
||||
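Review bot: The `"MANAGED_BY_KEYVAULT"` placeholders in the `ConnectionStrings`, `Fuchs` and `Email` hunks are ordinary non-empty strings. If the vault or cache overlay fails to load, or a name in `ManagedSecretKeys` does not map onto its configuration key (the list has `ocms-ConnectionString` where the setting is `ocms_ConnectionString`), the app would run with the literal placeholder as a password, API key or TOTP seed instead of stopping. The registration in Program.cs is not visible on this page, so this may already be covered; if not, a startup check that refuses to start while any managed key is missing or still equals the placeholder would make it fail closed. `"CacheFilePath": "secrets.cache"` is relative and will resolve against the process working directory, so prefer something like `"CacheFilePath": "<absolute path outside the content root>"` with a restrictive ACL on the DPAPI-protected file. The eight values removed here remain readable in the repository history, so each should be rotated before the vault copies are treated as secret.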