1

I'm building an API Server with ASP .NET Core. I needed to generate and manage API Keys. So i searched about that, and i found 'Azure Key Vaults'. I thought it might be a solution, but it was paid service. So i wondered what is general way to generate and manage API Keys in ASP .NET Core. I will be thankful if you help me.

Improve this question
5
  • Check out this tutorial for creating ApiKey Authentication youtu.be/Zo3T_See7iI Commented May 3, 2022 at 8:55
  • Azure Key Vault is used to store API keys and other credentials, not generate them. What are you trying to do? Securely storing credentials is completely different from generating and managing API keys for clients/customers of your service. Commented May 3, 2022 at 9:35
  • @PanagiotisKanavos I think i wrote a little bit confusing words. I'm sorry about that. I know the usage of Azure Key Vault too. I meant "managing" == "generating" + "storing" + etc. So i wanted to know how to generate api keys and how to store api keys. Commented May 4, 2022 at 1:45
  • @hangooksaram, do you mean you have an API for which you want to generate keys for its users? If yes, please refer to Simple and secure custom API Keys using ASP.NET Core. Regarding storing the keys, I have informed some options in my answer. Please see my updated answer. Commented May 4, 2022 at 5:16
  • @Deepak-MSFT Yes, I checked you answer and i checked the reference in your comment too. Your answer was very helpful. Thank you. Commented May 4, 2022 at 7:45

2 Answers 2

Reset to default
2

It depends on your logic and how you would like the API key to generate if you are doing it by yourself.

You could refer to Simple and secure custom API Keys using ASP.NET Core to generate API keys.

If you are consuming the APIs in your project then those APIs will provide you with the keys.

Further, It looks like you are concerned about storing/managing the API keys.

In the Development environment, you could try to store it in the AppSettings.json, or you could store it using the Environment variables or you could try to use Secret Manager.

It is quite risky and not recommended to rely on these methods to store the API keys for the production environment. For the production environment, I would suggest you store the API keys in the Azure Key Vault. I understand that you need to pay to use it but it is the recommended approach to securely store the API keys.

References:

  1. How to store app secrets for your ASP .NET Core project
  2. Safe storage of app secrets in development in ASP.NET Core
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Azure Key Vault is great but it has some drawbacks. It costs, isn't that fast and it can become a burden with lots of Keys. There's an AZ303 question about making multiple key vaults to scale.

You know the AppConfig has a FREE tier and you can store your API keys in there: https://azure.microsoft.com/en-us/pricing/details/app-configuration/

For Database Connection Strings I'd still use Azure Key Vault, for API keys I wouldn't worry about storing in Azure App Config if there's only a few dozen and its not for externally used services.

Improve this answer

1 Comment

I didn't know AppConfig can store API Keys for free. I will consider that too. Thank you!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.