Hello.
NopCommerce should use user-secrets and keyvaults if hosted in azure.
Is this in the roadmap? I've started using it in my projects recently.
Connectionstring and secrets should use user-secrets and keyvault
- 1
- 5
- 17/04/2024
Hello!
Implementing user-secrets and Key Vaults in Azure for NopCommerce sounds like a promising idea for enhancing security and managing sensitive data effectively. While I don't have access to NopCommerce's specific roadmap beyond my last update in January 2022, integrating such features aligns well with modern security practices and could potentially be considered for future updates.
To get the most accurate information about NopCommerce's roadmap and potential features, I recommend reaching out directly to the NopCommerce development team through their official channels. They can provide insights into their plans and whether integrating user-secrets and Key Vaults in Azure is on their radar. Doglikesbest
In the meantime, incorporating these practices into your own projects is a proactive step towards ensuring the security and integrity of your applications. If you need any guidance or assistance in implementing these features, feel free to ask!
Implementing user-secrets and Key Vaults in Azure for NopCommerce sounds like a promising idea for enhancing security and managing sensitive data effectively. While I don't have access to NopCommerce's specific roadmap beyond my last update in January 2022, integrating such features aligns well with modern security practices and could potentially be considered for future updates.
To get the most accurate information about NopCommerce's roadmap and potential features, I recommend reaching out directly to the NopCommerce development team through their official channels. They can provide insights into their plans and whether integrating user-secrets and Key Vaults in Azure is on their radar. Doglikesbest
In the meantime, incorporating these practices into your own projects is a proactive step towards ensuring the security and integrity of your applications. If you need any guidance or assistance in implementing these features, feel free to ask!
Silver Solution Partner
Sviluppatori certificati
- 332
- 2270
- 02/03/2018
- Norway
For instance access tokens, connectionstrings etc. Up until now I've saved some access tokens and secrets in settings, but that's not great since admins have access to settings. I could store them in db outside settings, but then its harder to use user-secrets as far as i understand. When using user-secrets locally appsettings are overridden if a user-secret exists on the computer. So right now i have no connectionstring in appsettings. Its loaded from user-secrets locally, and when the app is in azure i use connectionstring on the webapp itself. This way i'm sure prod CS is on the web app, and test db locally.
Summary about azure key vault
Secrets Management: Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
Key Management: It provides a secure location to store and manage cryptographic keys. Keys stored in Azure Key Vault are protected by hardware security modules (HSMs). The service supports multiple key types and algorithms, and allows for the creation, import, and control of keys.
Summary about azure key vault
Secrets Management: Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
Key Management: It provides a secure location to store and manage cryptographic keys. Keys stored in Azure Key Vault are protected by hardware security modules (HSMs). The service supports multiple key types and algorithms, and allows for the creation, import, and control of keys.