Retrieve Umbraco db connection string from AWS/Azure during app start
I was asked to see if it was possible to store an Umbraco db connection string in AWS Secret Manager and remove it from our webconfig. Seemed like creating a composer to handle this might work but the app relies on the connection string to exist in webconfig or it fails to load/reach the composer. Has anyone had any success implementing a solution where the connection string is not kept in the webconfig? I found an article that looked at Azure Key Vault: https://www.mikkelhm.dk/archive/securing-your-secrets-with-azure-key-vault-part-9-umbraco-site/ No doubt this will work for all other secrets and DI could be used to access secrets around the app but in my case I want the connection string set before/during the app startup. I thought perhaps I could leave the connection string out or empty or put the initial string created on the install back in (
) and then let the composer set it once the connection string is retrieved from AWS but it doesn't appear to be possible. If anyone has any thoughts or has used AWS Secret Manager for this purpose specifically I'd be interested to know how they achieved it.
I am not too familiar with AWS Secret Manager but it may still apply.
I use Moriyama Config Builder which allows you to have your web config empty of secrets and reference your secrets from a separate xml file on disk.
The contents of that xml file is stored in Azure Key vault as a string and I have Azure DevOps download that secret xml file string and combine the xml into the set parameters xml file during deployment. This then deploys the secrets into the web config during the deployment. Which allows secrets to stay out of source control.
Hi, We are using AWS to host our Umbraco applications, I am looking out for solution to implement AWS Secret manager in our application. So is it possible to store the Umbraco db connection string in AWS Secret Manager and remove it from our web Config. Kindly provide any code reference to retrieve the connection string from AWS and load the connection string in our application .
Retrieve Umbraco db connection string from AWS/Azure during app start
I was asked to see if it was possible to store an Umbraco db connection string in AWS Secret Manager and remove it from our webconfig. Seemed like creating a composer to handle this might work but the app relies on the connection string to exist in webconfig or it fails to load/reach the composer. Has anyone had any success implementing a solution where the connection string is not kept in the webconfig? I found an article that looked at Azure Key Vault: https://www.mikkelhm.dk/archive/securing-your-secrets-with-azure-key-vault-part-9-umbraco-site/ No doubt this will work for all other secrets and DI could be used to access secrets around the app but in my case I want the connection string set before/during the app startup. I thought perhaps I could leave the connection string out or empty or put the initial string created on the install back in ( ) and then let the composer set it once the connection string is retrieved from AWS but it doesn't appear to be possible. If anyone has any thoughts or has used AWS Secret Manager for this purpose specifically I'd be interested to know how they achieved it.
I am not too familiar with AWS Secret Manager but it may still apply.
I use Moriyama Config Builder which allows you to have your web config empty of secrets and reference your secrets from a separate xml file on disk.
The contents of that xml file is stored in Azure Key vault as a string and I have Azure DevOps download that secret xml file string and combine the xml into the set parameters xml file during deployment. This then deploys the secrets into the web config during the deployment. Which allows secrets to stay out of source control.
Its explained more in my companies blog here: https://moriyama.co.uk/about-us/news/moriyama-configbuilder-securely-store-and-share-net-and-umbraco-configuration/
I will see if I can make a more thorough blog post myself but I hope the above pushes you in the right direction.
@mattou07 - thanks so much for your response. I'll take a look at this option. Cheers
Hi, We are using AWS to host our Umbraco applications, I am looking out for solution to implement AWS Secret manager in our application. So is it possible to store the Umbraco db connection string in AWS Secret Manager and remove it from our web Config. Kindly provide any code reference to retrieve the connection string from AWS and load the connection string in our application .
is working on a reply...