Saturday, 28 December 2024

How to use user secrets to protect secrets in a .NET application

 

 Using user secrets in a .NET Web API project to securely manage your database password is an excellent practice. It keeps sensitive information like database passwords out of your source code and version control system.  

    Questions about managing secrets and securely handling sensitive data in .NET applications are quite common in job interviews, especially for roles that require knowledge of security best practices. Understanding how to securely manage and deploy secrets demonstrates your ability to maintain the security and integrity of an application.

Why Secrets Management is Important:

  • Protects sensitive information like API keys, database passwords, and other confidential data.

  • Prevents unauthorized access and potential data breaches.

  • Prevents sensitive information from being committed to the code repository.

User Secrets in Development:

  • Use Microsoft.Extensions.Configuration.UserSecrets to store secrets securely during development.

  • Initialize user secrets in your project: 

 dotnet user-secrets init --project [projectName]

  • Set secrets using the CLI:

 dotnet user-secrets --project [projectName] set "ConnectionStrings:DefaultConnection:Password" "YourDatabasePassword"

Accessing Secrets in Code:

  • Load user secrets in your Program.cs or Startup.cs:

    var builder = WebApplication.CreateBuilder(args);
    builder.Configuration.AddUserSecrets<Program>();


Example appsettings.json:

{
  "ConnectionStrings": {
    "DefaultConnection": "Server=your_server;Database=your_database;User Id=your_userid;TrustServerCertificate=True;MultipleActiveResultSets=true;"
  }
}

Program.cs or Startup.cs:

using Microsoft.EntityFrameworkCore;

var builder = WebApplication.CreateBuilder(args);

// Load User Secrets (CreateBuilder already does this when the environment is Development)
builder.Configuration.AddUserSecrets<Program>();

// Build the connection string: the non-secret part comes from appsettings.json,
// the password from the user-secrets store
var defaultConnectionString = builder.Configuration.GetConnectionString("DefaultConnection");
var dbPassword = builder.Configuration["ConnectionStrings:DefaultConnection:Password"];
var connectionString = $"{defaultConnectionString}Password={dbPassword};";

// Add services to the container.
// ApplicationDbContext is the application's own EF Core DbContext class.
builder.Services.AddDbContext<ApplicationDbContext>(options =>
    options.UseSqlServer(connectionString));

var app = builder.Build();

Best Practices for Production:

  • Use environment variables or a secret management service (e.g., Azure Key Vault, AWS Secrets Manager) to store and retrieve secrets in production.
  • Configure your application to load secrets from the chosen service:

// AddAzureKeyVault needs the Azure.Extensions.AspNetCore.Configuration.Secrets
// and Azure.Identity packages, plus "using Azure.Identity;" at the top of the file.
builder.Configuration.AddEnvironmentVariables();
// Or use Azure Key Vault
builder.Configuration.AddAzureKeyVault(
    new Uri("https://your-keyvault-name.vault.azure.net/"),
    new DefaultAzureCredential());
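
The development and production setups above resolve the same configuration key, only from different sources. The following is an added example, not code from the original post: it uses in-memory dictionaries as constructed stand-ins for appsettings.json and the user-secrets store, an environment variable set in-process for production, and SqlConnectionStringBuilder (Microsoft.Data.SqlClient package) in place of the string concatenation shown earlier. BuildConnectionString and PasswordKey are names made up for this example, and all passwords are constructed values.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Data.SqlClient;
using Microsoft.Extensions.Configuration;

// PasswordKey and BuildConnectionString are names made up for this example.
const string PasswordKey = "ConnectionStrings:DefaultConnection:Password";

// Constructed stand-ins for appsettings.json and the user-secrets store.
var appSettings = new Dictionary<string, string?>
{
    ["ConnectionStrings:DefaultConnection"] =
        "Server=your_server;Database=your_database;User Id=your_userid;TrustServerCertificate=True;"
};
var userSecrets = new Dictionary<string, string?> { [PasswordKey] = "dev;pa ss" };

// Production: "__" in an environment variable name maps to the ":" key separator.
Environment.SetEnvironmentVariable(
    "ConnectionStrings__DefaultConnection__Password", "prod;pa ss");

IConfiguration dev = new ConfigurationBuilder()
    .AddInMemoryCollection(appSettings).AddInMemoryCollection(userSecrets).Build();
IConfiguration prod = new ConfigurationBuilder()
    .AddInMemoryCollection(appSettings).AddEnvironmentVariables().Build();
IConfiguration noSecret = new ConfigurationBuilder()
    .AddInMemoryCollection(appSettings).Build();

foreach (var (name, config) in new[] { ("dev", dev), ("prod", prod), ("no secret", noSecret) })
{
    try
    {
        var cs = BuildConnectionString(config);
        // Round-trip: the parsed password equals the configured one, ";" included.
        var ok = new SqlConnectionStringBuilder(cs).Password == config[PasswordKey];
        Console.WriteLine($"{name}: password survives round-trip = {ok}");
    }
    catch (InvalidOperationException e) { Console.WriteLine($"{name}: {e.Message}"); }
}

// Fails fast when the secret is absent and lets the builder quote the password,
// so a ";" or "=" inside it cannot end the value early.
string BuildConnectionString(IConfiguration config)
{
    var baseString = config.GetConnectionString("DefaultConnection")
        ?? throw new InvalidOperationException("DefaultConnection is not configured.");
    var password = config[PasswordKey];
    if (string.IsNullOrEmpty(password))
        throw new InvalidOperationException($"{PasswordKey} is not configured.");
    return new SqlConnectionStringBuilder(baseString) { Password = password }.ConnectionString;
}
```

The loop never prints the connection string itself, which keeps the password out of console output and logs.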

Automating Secret Management:
  • Integrate secret management into CI/CD pipelines to automate the secure deployment of secrets.
  • Use tools like Azure DevOps, GitHub Actions, or Jenkins to manage secrets during deployment.

    Example Scenario:

    Question: How would you securely manage and deploy secrets in a .NET Web API application?
    Answer: "In a .NET Web API application, I would use Microsoft.Extensions.Configuration.UserSecrets to manage secrets during development. This helps keep sensitive information like database passwords secure and out of source control. For production environments, I would leverage a secret management service like Azure Key Vault to store and retrieve secrets securely. This ensures that secrets are managed centrally and securely accessed by the application. Additionally, I would integrate secret management into CI/CD pipelines to automate the secure deployment of secrets, ensuring that sensitive information remains protected throughout the development and deployment process."

Monday, 2 December 2024

Create a Directory from an existing disk on a Proxmox server

Scenario:
 I have an NVMe disk with an ext4 partition that was previously used as a directory in a Proxmox server. After reinstalling Proxmox, I’m unable to add the drive as a directory because the disk selection page shows the message "No disks unused." I need to retain the data on the drive since it contains backups of all the VMs and cannot be formatted.



The issue occurs because Proxmox VE's interface doesn't automatically recognize pre-used disks with existing filesystems as "unused." To safely add the drive back as a directory without losing the data, follow these steps:

Steps to Add the Existing Disk

  1. Verify the Filesystem and Mount the Disk

    • SSH into your Proxmox server.

    • Identify your NVMe drive and its partition using:


      lsblk

      or

      fdisk -l

      Look for the partition (e.g., /dev/nvme0n1p1).

    • Check the filesystem to ensure it's still intact:


      file -s /dev/nvme0n1p1

      If it shows as an ext4 filesystem, you're good to proceed.

    • Mount the partition to a temporary directory to confirm its contents:


      mkdir /mnt/temp
      mount /dev/nvme0n1p1 /mnt/temp
      ls /mnt/temp

      Ensure you see the backup files.



  2. Create a Permanent Mount Point

    • Decide where you want to mount the drive. For example:


      mkdir /mnt/nvme-backups

    • Edit /etc/fstab to automatically mount the partition on boot:


      nano /etc/fstab

      Add an entry similar to this:


      /dev/nvme0n1p1 /mnt/nvme-backups ext4 defaults 0 2

      Replace /dev/nvme0n1p1 with your actual device path.


    • Mount the disk:


      mount -a

       


  3. Add the Directory to Proxmox Storage

    • Go to the Proxmox web interface.
    • Navigate to Datacenter > Storage > Add > Directory.
    • In the "Directory" field, input the mount point path (e.g., /mnt/nvme-backups).
    • Select the desired content types (e.g., VZDump backup file for backups).
  4. Test the Setup

    • Check if the backups are accessible in Proxmox.
    • Ensure the directory is listed in Datacenter > Storage and shows the correct size and usage.

Sunday, 1 December 2024

Change the static IP of an XCP-ng server



SSH to the server.

sudo -s

Type the password for xoa.

$ xoa network static

? Static IP for this machine 192.168.0.10/24
? Gateway 192.168.0.1
? IP of the DNS server 8.8.8.8