Try our conversational search powered by Generative AI!

AI OnAI Off

Storing api-keys in appsettings.json

Laurent
Laurent
Vote:
 

I am integrating ImageShop (DAM) into my Optimizely project and need to have my configuration setup in appsettings.json like this: 

"ImageshopOptimizelyPlugin": {
    "Settings": {
        "token": "<api key>"
    }
}

We are currently storing API-keys in DXP's app secrets, but in this case it needs to be added to appsettings.json. The documentation does not provide any way of substituting secrets with variables (something you can do with Azure Key Vault). How can I add the key into appsettings while also concealing its value?

#308756
Sep 20, 2023 9:00
Quan Mai
Quan Mai
Vote:
 

can you share the document for setting up ImageShop? there might be away to override ...

#308760
Sep 20, 2023 9:42
Laurent - Sep 20, 2023 10:23
Thank you for responding Quan. Here is the documentation: https://nugetprodusnc-northcentralus-01.regional.azure-api.net/packages/Imageshop.Optimizely.Plugin
Paul McGann (Netcel)
Paul McGann (Netcel)
Vote:
 

Hi Laurent,

I believe the way to do this is very similar to how key vault references are added in azure portal.

If you have access to a DXP environment in azure if you look at the connectionstrings you will will notice they have a key vault reference.

What you can do is get in touch with Opti support to request adding your values to key vault.

Once they do this you should receive the references and then add those to your appsettings.

Paul

#308761
Sep 20, 2023 9:47
Vincent
Vincent
Vote:
 

Hi 

I'm not sure if I understand your question correctly 

If you need to manage sensitive data for local development, you can use asp.net core security manager 

https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-7.0&tabs=windows

The key you set in secret manager will need to be same as the key you stored in DXP appsetting in PaaS portal, so when you app gets deployed to DXP, it will automatically use the value stored in DXP appsetting

There is one caveat from what I recall that the DXP appsetting does not support nested level configuration setup. In other words, the way you stored your API key in the json won't work.You need to move your secret (token) to the root level within the AppSettings.json.

I hope above helps.

#308769
Sep 20, 2023 12:57
Quan Mai
Quan Mai
Vote:
 

The addon in question has code that reads from appsettings.json directly, it's not in OP's control 

#308771
Sep 20, 2023 13:26
Quan Mai
Quan Mai
Vote:
 

@Laurent - I think the approriate long term action here is to raise the issue with ImageShop so they update their class to allow reading from keyvault 

#308772
Sep 20, 2023 13:27
Laurent - Sep 20, 2023 13:31
Will do! I know that many Optimizely solutions use ImageShop. I wonder if they just paste their keys directly in appsettings and commit it, or if they've figured out a better of doing this all together
Laurent - Sep 20, 2023 13:32
I'll update this thread if ImageShop responds with a solution
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.