1
votes

I am in the early stages of developing a dotnet core web app, which is being deployed to an Ubuntu server. The app is running under the www-data user, via a systemd service (following this guide https://docs.microsoft.com/en-us/aspnet/core/publishing/linuxproduction).

The app connects to the Amazon S3 service by specifying credentials generated by the AWS command line interface i.e. aws configure (http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html)

I've tried various approaches to have the app read the credential file, including trying to set an Environment property in the service definition and explicitly setting ProfilesLocation in my appsettings.json file.

My current working solution is to copy the ~/.aws folder and contents to the /var/www/.aws path, and set the owner to be www-data. Although this works, I'm unsure if this is the best practice, and I'm concerned about whether it's secure or not.

Is this approach reasonable? If not, what should I be doing instead?

Thanks

1 Answers

0
votes

I would create an appsettings.Production.json file and put all your secrets in that file. Then I would create a class with properties for each of your secrets. You can then access your secrets in any of your classes (i.e., a Controller class) using the options pattern. Later when you build a Release version of your app and publish to Linux, you will copy over your appsettings.Production.json file along with the rest of your build files and your application will get the AWS credentials from that file.

appsettings.Production.json

{
  "Secret1": "myfirstsecretvalue",
  "Secret2": "mysecondsecretvalue"
}

MyOptions.cs

public class MyOptions
{
    public string Secret1 { get; set; }
    public string Secret2 { get; set; }
}

MyController.cs

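using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

public class MyController : Controller
{
    // IOptions<MyOptions> is supplied by dependency injection.
    public MyController(IOptions<MyOptions> optionsAccessor)
    {
        Options = optionsAccessor.Value;
    }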

    public MyOptions Options { get; }

    public IActionResult Index()
    {
        // access my secret1 value
        string mysecret1 = Options.Secret1;

        return View();
    }
}
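
Both approaches on this page leave secrets in a file that the www-data account reads: the copied /var/www/.aws folder in the question and appsettings.Production.json in the answer. As an added example (not code from either poster), the shell function below audits such a directory without changing it, flagging wrong owners, group/other permission bits and symlinks; the function name and the 700/600 expectation are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only audit of a directory that holds secrets for a
# service account. Needs `stat -c` (GNU coreutils, as on Ubuntu).

# audit_secret_dir DIR OWNER   (hypothetical helper name)
#   Prints one finding per line.
#   Returns 0 when clean, 1 when something was flagged, 2 when DIR is missing.
audit_secret_dir() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    # find hands every path to the inline script as an argument, so odd
    # file names (spaces, newlines) are handled correctly.
    report=$(find "$dir" -exec sh -c '
        owner=$1; shift
        for p in "$@"; do
            if [ -L "$p" ]; then
                # A link could point the service at a file outside this tree.
                echo "SYMLINK $p"
                continue
            fi
            mode=$(stat -c %a "$p")
            user=$(stat -c %U "$p")
            [ "$user" = "$owner" ] || echo "OWNER $p is $user, expected $owner"
            # Any group/other bit lets another local account read or traverse.
            [ $(( 0$mode & 077 )) -eq 0 ] || echo "MODE $p is $mode, expected 700/600"
        done
    ' sh "$owner" {} +)

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Example call for the layout in the question (constructed; run as root):
#   audit_secret_dir /var/www/.aws www-data
```

The same call works for the directory that holds appsettings.Production.json, provided that directory contains only files meant to be private to the service account.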