27.06.2022
Distributing secrets (such as API keys and connection strings) is a common task for web applications and their development teams.
Google Cloud Platform (GCP) provides a service for storing secrets securely. This allows the end users to focus on the application itself and not on managing secrets, rotating keys and other security-related tasks.
But how can we access the secrets from GCP, both locally for developers and from a cloud service for end users?
We mostly use C# in the backend, so we went ahead and wrote an open-source package that injects the secrets into Microsoft.Extensions.Configuration. This package is called Neolution.Extensions.Configuration.GoogleSecrets and can be found on GitHub:
https://github.com/neolution-ch/Neolution.Extensions.Configuration.GoogleSecrets
The NuGet package is available on NuGet.org: https://www.nuget.org/packages/Neolution.Extensions.Configuration.GoogleSecrets/
Cloud Usage
If your service runs inside a GCP service, you don’t have to worry about authorisation at all and can simply use the Neolution.Extensions.Configuration.GoogleSecrets package in the Program.cs file.
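For example:

    using Microsoft.Extensions.Hosting;

    // AddGoogleSecrets is provided by the Neolution.Extensions.Configuration.GoogleSecrets package.
    public static IHostBuilder CreateHostBuilder(string[] args)
    {
        return Host.CreateDefaultBuilder(args)
            // ...
            .ConfigureAppConfiguration((_, configuration) =>
            {
                configuration.AddGoogleSecrets(options =>
                {
                    // ID of the GCP project that holds the secrets
                    options.ProjectName = "your-project-id";
                });
            });
    }
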
Local Usage
If you want to use the secrets locally, you have two options.
1. Use the gcloud command line tool to log in to your GCP account and set the application default credentials:

    gcloud auth login
    gcloud auth application-default login

Now the application default credentials are set and you can use the Neolution.Extensions.Configuration.GoogleSecrets package as described above.
2. Use the GOOGLE_APPLICATION_CREDENTIALS environment variable to set the path to the credentials file. This can, for example, point to a service account JSON file. More information can be found here:
https://cloud.google.com/docs/authentication/getting-started#setting_the_environment_variable
With these two approaches, it’s easy to manage secrets both locally and in the cloud. Gone are the days when we had to share secrets manually across teams. It’s also really easy to manage permissions with this approach, because we create a project on GCP for each environment (production, staging, etc.). So, it's easy to define which user should have access to which environment and its secrets.
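To see which of the two local options a developer machine is actually using, the following added example (not part of the original post or the Neolution package) resolves the credential file in the order Application Default Credentials looks for it: the GOOGLE_APPLICATION_CREDENTIALS variable first, then the file written by gcloud auth application-default login. The function name adc_source and its exit codes are made up for this example, and the gcloud path assumes Linux or macOS.

```shell
#!/bin/sh
# Added example: report which local credential source ADC will pick up
# and flag a credential file that other local users could read.
#
# Prints "<source>:<type> <path>" on stdout. Exit codes (example convention):
#   0 usable, 1 nothing configured, 2 configured but unreadable,
#   3 usable but readable by group or others.
adc_source() {
    gcloud_dir="${CLOUDSDK_CONFIG:-$HOME/.config/gcloud}"
    user_file="$gcloud_dir/application_default_credentials.json"

    if [ -n "${GOOGLE_APPLICATION_CREDENTIALS:-}" ]; then
        # Option 2: the environment variable takes precedence.
        src="env"; file="$GOOGLE_APPLICATION_CREDENTIALS"
    elif [ -f "$user_file" ]; then
        # Option 1: written by `gcloud auth application-default login`.
        src="gcloud"; file="$user_file"
    else
        echo "none -"
        return 1
    fi

    if [ ! -r "$file" ]; then
        echo "$src:missing $file"
        echo "error: $file does not exist or is not readable" >&2
        return 2
    fi

    # "service_account" is a long-lived key; "authorized_user" is a user login.
    kind=$(sed -n 's/.*"type"[[:space:]]*:[[:space:]]*"\([a-z_]*\)".*/\1/p' "$file" | head -n 1)
    echo "$src:${kind:-unknown} $file"

    # Group- or world-readable credentials can be copied by any local account.
    if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "warning: $file is group/world readable; chmod 600 it" >&2
        return 3
    fi
    return 0
}
```

Calling adc_source before starting the application shows whether a leftover GOOGLE_APPLICATION_CREDENTIALS value is silently overriding the gcloud login.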