Encryption best practices for deploying .net core on prem

jsphillips

21 Feb, 2018 06:14 PM

I have built .Net Core in Jenkins and deployed it to an Azure instance via Octopus; however, encryption was handled through Azure there. I would like to inquire about the best practices for encryption for deploying to our on prem servers for our internal applications. Basically, what are the final encryption step templates or custom scripts that need to be put into the deployment process that Octopus recommends for that code once it is deployed? We will be upgrading to the latest version of Octopus next weekend also. Thanks.

  1. 1 Posted by jsphillips on 26 Feb, 2018 02:40 PM

    Any update on this?

  2. Support Staff 2 Posted by Michael Noonan on 27 Feb, 2018 12:03 AM

    Hi!

    Thanks for getting in touch, and I'm sorry about the delayed response.

    What exactly are you trying to encrypt as part of your deployment? Are you concerned about sensitive configuration values which will be sitting in your application configuration files after the deployment is completed?

    If that is the case, there are some steps in the Octopus Community Library for working with the traditional .NET *.config files, but nothing specific to .NET Core applications.

    For .NET Core, you will need to decide on which way you want to handle sensitive configuration values. Unfortunately for you at this point in time neither our team, nor the .NET Core team, have taken a very strong opinion on this yet - so you will need to consider which path you want to take, and write some of your own scripting to make this work.

    This blog post provides a good overview of the options available to you regardless of whether you use Octopus or not: https://stormpath.com/blog/store-protect-sensitive-data-dotnet-core

    In this case you could use a PostDeploy.* script which runs after your package is deployed, and it will take the configuration values in your config file and encrypt them using a method which can be decrypted by your application.

    Hope that helps!
    Mike
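
Added example, not part of any post in this thread and not Octopus's own script: one way the PostDeploy script described in reply 2 could look on a Windows server, using DPAPI. The file name appsettings.json, the setting names, the `dpapi:` prefix and the choice of DPAPI itself are assumptions.

```powershell
# PostDeploy.ps1 (added example). Config path, key names and the "dpapi:" prefix are assumptions.
param(
    [string]   $ConfigPath    = (Join-Path (Get-Location) 'appsettings.json'),
    [string[]] $SensitiveKeys = @('ConnectionStrings:Default', 'Smtp:Password')  # hypothetical keys
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'
Add-Type -AssemblyName System.Security   # loads ProtectedData (DPAPI) in Windows PowerShell 5.1

$Prefix = 'dpapi:'   # marker telling the application which values it must unprotect

function Protect-ConfigValue([string] $PlainText) {
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($PlainText)
    # LocalMachine scope: decryptable only on this server, but by any account on it.
    $blob = [System.Security.Cryptography.ProtectedData]::Protect(
        $bytes, $null, [System.Security.Cryptography.DataProtectionScope]::LocalMachine)
    return $Prefix + [System.Convert]::ToBase64String($blob)
}

$ConfigPath = (Resolve-Path $ConfigPath).Path
$config = Get-Content -Raw -Path $ConfigPath | ConvertFrom-Json

foreach ($key in $SensitiveKeys) {
    $segments = $key -split ':'
    $node = $config
    # Walk down to the object that holds the leaf setting.
    for ($i = 0; $node -and $i -lt $segments.Count - 1; $i++) {
        $parent = $node.PSObject.Properties[$segments[$i]]
        $node = if ($parent) { $parent.Value } else { $null }
    }
    $prop = if ($node) { $node.PSObject.Properties[$segments[-1]] } else { $null }
    if (-not $prop -or $prop.Value -isnot [string]) {
        Write-Warning "Setting '$key' not found or not a string; skipped."
        continue
    }
    if ($prop.Value.StartsWith($Prefix)) { continue }   # already encrypted by an earlier run
    $prop.Value = Protect-ConfigValue $prop.Value
    Write-Host "Encrypted setting '$key'."
}

# Write back as UTF-8 without a BOM so the JSON configuration loader reads it cleanly.
$json = $config | ConvertTo-Json -Depth 32
[System.IO.File]::WriteAllText($ConfigPath, $json, (New-Object System.Text.UTF8Encoding($false)))
```

The application has to strip the prefix and call `ProtectedData.Unprotect` with the same scope (on .NET Core this type comes from the System.Security.Cryptography.ProtectedData package). The values sit on disk in plain text from package extraction until this script runs, so file ACLs on the install directory still matter.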

  3. 3 Posted by jsphillips on 27 Feb, 2018 03:27 PM

    Hey Michael. Yes, I am concerned about the sensitive values that will be deployed to the server and was inquiring about encryption. From the research that I have done lately, your response is what I expected. We have written a script to handle the encryption. Thanks for your response.

    Scott Phillips “act as if”

  4. Support Staff 4 Posted by Michael Noonan on 27 Feb, 2018 10:27 PM

    Hi Scott,

    Thanks for keeping in touch! I'm glad you got it figured out. Don't hesitate to reach out if you need help with anything else.

    Happy Deployments!
    Mike
