1. Volume 83, no.4, 2022
  2. THE IMPLEMENTATION OF A METHOD FOR WORKING WITH SENSITIVE DATA USED BY VARIOUS SERVICES AND SYSTEMS

THE IMPLEMENTATION OF A METHOD FOR WORKING WITH SENSITIVE DATA USED BY VARIOUS SERVICES AND SYSTEMS

ISTCMTM.
2022;
Випуск 83(4)
: pp. 56-61
https://doi.org/10.23939/istcmtm2022.04.056
Автори:
  1. Уляна Дзелендзяк
  2. Nazar Mashtaler
1
Національний університет "Львівська політехніка"
2
Lviv Polytechnic National University

The article describes the method of working with sensitive data used by various services and systems, including CRM/ERM systems, as well as the implementation of storing this data using the classic .NET FRAMEWORK. The main driver of this initiative is a missing centralized repository for connection strings to various systems like databases, CRM/ERM systems (for example. Netsuite or Salesforce), system variables, other sensitive info (for example tokens), and third-party components. The problem here is that each application has stored these connection strings in its configuration (usually in the web. config). It means one connection string is multiplied in many places and if there is a change in credentials, for example, the change must be done in all these application configurations. Finally, it would be better to have any registry of which connection string is used where. This is adding complexity for global updates, and it also doesn't help with security (since credentials to production systems are in the configuration and thus in source control, where they are visible to anybody).

Net Framework security
storing sensitive information
secrets
securing Microservices and Web Applications

[1] C. de la Torre, B. Wagner, M. Rousos, .NET Microservices Architecture for Containerized NET Applications, One Microsoft Way Redmond, Washington 98052-6399, 2022. https://learn.microsoft.com/enus/dotnet/architecture/microservices/
[2] Safe storage of app secrets in development in ASP.NET, Microsoft 2022. [Online]. Available: https://learn. microsoft.com/en-us/aspnet/core/security/appsecrets?view=aspnetcore-6.0&tabs=windows
[3] CMDB Design Guidance, Servicenow, 2020. https://www.servicenow.com/content/dam/servicenowassets/public/en-us/doc...
[4] Azure Key Vault configuration provider in ASP.NET Core, Microsoft 2022. [Online]. Available: https://learn. microsoft.com/en-us/aspnet/core/security/key-vaultconfiguration?view=aspnetcore-6.0
[5] AWS Secrets Manager: User Guide, Amazon Web Services, Inc, 2022. https://docs.aws.amazon.com/ managedservices/latest/userguide/secrets-manager.html
[6] Quickstart: Install and use a NuGet package, Microsoft 2022. [Online]. Available: https://learn.microsoft.com/enus/nuget/quickstart/install-and-use-a-pack...
[7] An introduction to NuGet, Microsoft 2022. [Online]. Available: https://learn.microsoft.com/en-us/nuget/whatis-nuget