How do you guys handle db password change in appsettings.json?
-
I have a .NET Core WebAPI, and I have the db connection string stored in the appsettings.json. In my company, the policy is the db password would change every 6 months. Since this is a pretty common IT security requirement, I wonder how other people handle their application's connection string?

1. Every 6 months, edit the appsettings.json, re-deploy
2. Just go and edit the connection string directly on production server while it's running (since the appsettings.json is read during run time, I assume this would not be a problem?)

How do you guys do this? We are using on-prem Azure DevOps, if that makes any difference.
-
With 20+ applications on various production servers around the world, alright Asia, we wrote an application specifically to change the passwords every period. It could only be launched by a manager whose balls were held between 2 bricks. Getting the damned thing out of source control was a bitch.
Never underestimate the power of human stupidity - RAH
I'm old. I know stuff - JSOP
-
MaxwellMiky wrote:
Since this is a pretty common IT security requirement,
Not for db passwords, in my experience. We don't ever change db passwords. It seems like the only option is to coordinate the changing of the password and updating the json file at the same time, after hours if that's an option.
-
Use Integrated Security=SSPI, e.g.
Server=xxxxxxxx;Database=xxxxxxxx;Integrated Security=SSPI
then it is all controlled by AD. No changes needed
This runs under the context of the user and users will not have any permissions to a sql database.
-
Run a shell / script that generates a random password every 6 months (server agent) and saves it to settings? [How do I script a password change for a SQL server login? - Stack Overflow](https://stackoverflow.com/questions/56923/how-do-i-script-a-password-change-for-a-sql-server-login)
It was only in wine that he laid down no limit for himself, but he did not allow himself to be confused by it. ― Confucian Analects: Rules of Confucius about his food
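
The scripted rotation suggested in the last reply, sketched as a small C# console program. This is an added example, not code from any poster in the thread. It assumes SQL authentication, the Microsoft.Data.SqlClient package, .NET 6 or later, and a hypothetical connection string named "Default" in an appsettings.json in the working directory.

```csharp
// Added example: rotate a SQL login password, then update appsettings.json.
// "Default" and the file path are hypothetical names, not from the thread.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text.Json;
using System.Text.Json.Nodes;
using Microsoft.Data.SqlClient;

const string SettingsPath = "appsettings.json";
const string ConnName = "Default";

JsonNode root = JsonNode.Parse(File.ReadAllText(SettingsPath))!;
var csb = new SqlConnectionStringBuilder(
    (string)root["ConnectionStrings"]![ConnName]!);

string oldPassword = csb.Password;
// 32 bytes from the OS CSPRNG, base64-encoded (44 characters).
string newPassword = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));

// 1. Change the password on the server while still logged in with the old one.
//    ALTER LOGIN cannot take the password as a parameter, so the statement is
//    built server-side and QUOTENAME escapes the identifier and both literals
//    (QUOTENAME returns NULL for inputs longer than 128 characters).
using (var conn = new SqlConnection(csb.ConnectionString))
using (var cmd = conn.CreateCommand())
{
    conn.Open();
    cmd.CommandText = @"
        DECLARE @sql nvarchar(max) =
            N'ALTER LOGIN ' + QUOTENAME(@login) +
            N' WITH PASSWORD = ' + QUOTENAME(@new, '''') +
            N' OLD_PASSWORD = ' + QUOTENAME(@old, '''');
        EXEC (@sql);";
    cmd.Parameters.AddWithValue("@login", csb.UserID);
    cmd.Parameters.AddWithValue("@new", newPassword);
    cmd.Parameters.AddWithValue("@old", oldPassword);
    cmd.ExecuteNonQuery();
}

// 2. Persist the new connection string. The builder quotes the password if it
//    contains characters that are special in a connection string. Writing to a
//    temp file and moving it over the original avoids a half-written file.
csb.Password = newPassword;
root["ConnectionStrings"]![ConnName] = csb.ConnectionString;
string tmp = SettingsPath + ".tmp";
File.WriteAllText(tmp,
    root.ToJsonString(new JsonSerializerOptions { WriteIndented = true }));
File.Move(tmp, SettingsPath, overwrite: true);
```

The default host builder registers appsettings.json with reloadOnChange enabled, so a running app sees the new value only if it reads the connection string from IConfiguration each time it opens a connection rather than caching it at startup. If step 2 fails after step 1 succeeds, the file still holds the old password, so run this where a failure is noticed and can be corrected by hand.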