DevFacto SD&D Delivery Guide

Protecting Secrets

Building and deploying a modern app involves many secrets: passwords, OAuth client IDs and secrets, SAS tokens, certificates, and so on. These must never be committed to source control, and they should be stored so that they can be handed over to other team members when needed.

Our 1Password instance should be the primary store for secrets that need to be shared between team members.

Transmitting Secrets to Others

Secrets should never be transmitted through insecure channels such as unencrypted email, Teams, Skype, etc.

Applications like Keybase can be used to transmit secrets instead.

Secrets in Applications

There are better ways to handle secrets than adding them directly to config files!

  • Safe storage of app secrets in development in ASP.NET Core
  • Azure Key Vault
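The pattern behind both of those links is the same: the config file that lives in source control carries only a reference to each secret, and the real value is resolved at startup from a store outside the repository (user secrets on a developer machine, Key Vault in production). The following Go program is an added illustration of that pattern, not code from this guide or from ASP.NET Core; the "secret:NAME" reference syntax, the environment-backed store and the sample config are assumptions made for the example. It also rejects two failure modes a practitioner wants caught early: a secret-looking setting with an inline literal (a secret committed to the file) and a reference that the store cannot satisfy.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// Constructed sample of a config file that is safe to commit: non-secret
// settings are inline, secret settings are references resolved at startup.
const sampleConfig = `{
  "Logging": {"Level": "Information"},
  "ConnectionStrings": {"Db": "secret:DB_CONNECTION_STRING"},
  "Storage": {"SasToken": "secret:STORAGE_SAS_TOKEN"}
}`

// SecretStore is whatever holds the real values (user secrets, a vault).
// The environment-backed store below is an assumption for this example.
type SecretStore interface {
	Get(name string) (string, bool)
}

type envStore struct{}

func (envStore) Get(name string) (string, bool) { return os.LookupEnv(name) }

// secretPrefix marks a config value as a reference into the store (assumed syntax).
const secretPrefix = "secret:"

// secretLikeKeys are substrings of setting names that should only ever hold references.
var secretLikeKeys = []string{"password", "secret", "token", "connectionstring", "key"}

func looksSecret(keyPath string) bool {
	k := strings.ToLower(keyPath)
	for _, s := range secretLikeKeys {
		if strings.Contains(k, s) {
			return true
		}
	}
	return false
}

// Resolve walks the parsed config, replaces "secret:NAME" references with the
// value from the store, and fails on a secret-like key holding an inline
// literal or on a reference the store cannot satisfy.
func Resolve(cfg map[string]any, store SecretStore, path string) error {
	for key, v := range cfg {
		full := key
		if path != "" {
			full = path + ":" + key
		}
		switch val := v.(type) {
		case map[string]any:
			if err := Resolve(val, store, full); err != nil {
				return err
			}
		case string:
			if strings.HasPrefix(val, secretPrefix) {
				name := strings.TrimPrefix(val, secretPrefix)
				real, ok := store.Get(name)
				if !ok {
					return fmt.Errorf("%s: secret %q not found in store", full, name)
				}
				cfg[key] = real
			} else if looksSecret(full) {
				return fmt.Errorf("%s: inline value where a secret reference is required", full)
			}
		}
	}
	return nil
}

// LoadConfig parses JSON config text and resolves its secret references.
func LoadConfig(text string, store SecretStore) (map[string]any, error) {
	var cfg map[string]any
	if err := json.Unmarshal([]byte(text), &cfg); err != nil {
		return nil, err
	}
	if err := Resolve(cfg, store, ""); err != nil {
		return nil, err
	}
	return cfg, nil
}

func main() {
	// Constructed values standing in for what user secrets or a vault would supply.
	os.Setenv("DB_CONNECTION_STRING", "Server=db;User=app;Password=<from store>")
	os.Setenv("STORAGE_SAS_TOKEN", "<from store>")
	cfg, err := LoadConfig(sampleConfig, envStore{})
	if err != nil {
		fmt.Println("config rejected:", err)
		return
	}
	fmt.Println("db:", cfg["ConnectionStrings"].(map[string]any)["Db"])
}
```

Running the same loader over a file such as `{"Db": {"Password": "..."}}` makes it fail at startup, which is the behaviour you want from a CI step that guards the repository against committed secrets.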

Hashing and Encryption

Know the difference and understand when each needs to be applied.

  • Hashing: a one-way function that scrambles the input text into a unique message digest; it cannot be reversed to recover the input.
  • Encryption: a two-way function; encrypted text can be decrypted with the proper key.
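To make the distinction concrete, here is an added Go example (not code from this guide) that puts the two side by side using only the standard library: SHA-256 for hashing, which yields a fixed-length digest with no inverse, and AES-256-GCM for encryption, which anyone holding the key can reverse and which rejects a wrong key or a modified ciphertext rather than returning garbage. The sample secret and the key generation are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Hash returns the SHA-256 digest of data as hex. There is no inverse: the
// only way to "get back" the input is to guess candidates and compare digests.
// That makes a hash suitable for integrity checks (and, with a dedicated
// password-hashing function and a salt, for stored password verification),
// not for anything that must be read back later.
func Hash(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// VerifyHash recomputes the digest and compares it in constant time.
func VerifyHash(data []byte, expectedHex string) bool {
	return subtle.ConstantTimeCompare([]byte(Hash(data)), []byte(expectedHex)) == 1
}

// Encrypt seals plaintext with AES-GCM under key and returns nonce||ciphertext||tag.
// Anyone holding the key can reverse it, which is the point: use encryption for
// data a legitimate party must read back, such as a stored SAS token.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per message
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. The authentication tag makes it fail on a wrong
// key or on any modification of the ciphertext.
func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	secret := []byte("sv=2020-08-04&sig=constructed-sample-token") // constructed sample
	fmt.Println("digest:", Hash(secret)) // fixed length, no way back to the input

	key := make([]byte, 32) // constructed key; in practice this comes from a key store
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	sealed, err := Encrypt(key, secret)
	if err != nil {
		panic(err)
	}
	back, err := Decrypt(key, sealed)
	fmt.Println("round trip ok:", err == nil && string(back) == string(secret))
}
```

The practical test for which one you need: if a program ever has to read the original value back (a token it must present to another service), that is encryption and the key becomes a secret to protect in turn; if it only has to check whether a presented value matches (a password, a file's integrity), that is hashing.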