Can we use the ASPNET_REGIIS command to encrypt sections of the appsettings.json as we do with the asp.net app.config

Question

When working with asp.net we can encrypt parts of the asp.net console application's app.config file by following these steps:-

1- Rename the app.config to web.config >> run this command >>

ASPNET_REGIIS -pef "<<customAppSettingsGroup>>/<<customAppSettings>>" "C:\projects\MSE\MSE\MSE"

2- Rename the web.config back to app.config....

Now inside asp.net core we do not have app.config, instead we have the appsettings.json.. so my question is if we can encrypt parts of the appsettings.json using the above approach? If the answer is No, then what are the approaches to encrypt sections of the appsettings.json?

Thanks

Answer 1

The short answer is NO you should not use ASPNET_REGIIS anymore. Unless you want to decrypt it manually.

For development environment, you should use the Secret Manager tool as described Here

Initialize

dotnet user-secrets init

Set a secret

dotnet user-secrets set "Movies:ServiceApiKey" "12345"

For production environment the recommended approach is Azure vault

Assuming you have an Azure vault ready

Set your secrets

az keyvault secret set --vault-name {KEY VAULT NAME} --name "SecretName" --value "secret_value_1_prod"
az keyvault secret set --vault-name {KEY VAULT NAME} --name "Section--SecretName" --value "secret_value_2_prod"  

Azure-hosted apps use this instructions

If you host your app outside azure you must follow this instructions

PS: If your application won't load keys in runtime, only on start the free tier is more than enough.

There is a third option to create a custom provider as you can check here.

OR

This article from visual studio magazine is about a custom configuration provider with AES encryption

Fourth option:
If you are willing to use docker you can rely on the Docker Swarm secrets as shows in this article