Configuration

Securing .NET App Secrets with AWS Secrets Manager

Similar to AWS Systems Manager Parameter Store, AWS Secrets Manager allows for storing, managing, and reclaiming OAuth tokens, database credentials, API keys, and other secrets. However, there are big differences between the two AWS services.

AWS Secrets Manager was created for storing confidential data like passwords and secrets so encryption of the stored data is enabled by default. Where as Parameter Store was created to store confidential data as well as general configuration data, like URIs, UNC network paths, and the like. So, understandably, encryption is optional with AWS Systems Manager Parameter Store. Additionally, AWS Secrets Manager features automated key rotation and direct integration with services like RDS, Redshift, and DocumentDB.

How to use AWS Systems Manager Parameter Store as a .NET Configuration Provider

Many changes were made to configuration in .NET Core. Long gone are the days where you have few configuration options. In .NET, there are now out of the box options for INI,  JSON, XML, command-line arguments, in-memory stores, environment variables and key-per-file, et al. And, if those options weren’t enough, you can still develop your own provider.  On top of that, .NET now offers tiers of configuration, where one tier can override another.  This feature comes in very handy for supporting multiple environments.

A Simple Configuration Based CORS Solution for ASP.NET Core

Skip the detail and show me the code.

Warning: some AWS services may have fees associated with them.

CORS, or Cross-Origin Resource Sharing – while simple in concept, seems to still mystify many developers. Simply put, CORS allows you to share resources from your “origin” with browser based consumers from a different origin.  In other words, if I have resources that exist on https://mydomain.xyz, JavaScript based consumers from http://yourdomain.xyz will not be able to access them. By enabling CORS we can share resources with other origins.  Get the full breakdown of CORS at Mozilla Developer Network web docs.