Azure Indicium(Universal) appsettings.json encryption of the DB username and password

Hi mperrott,

Maybe this topic can help you out:

Also see the documentation here:

https://docs.thinkwisesoftware.com/docs/deployment/azure.html

I hope this supplies you with all the information 

Kind regards,
Mark Jongeling

Hi Mark,

I’m not looking for the deployment instructions, thank you for that.

I’m looking for the way to secure the MetaSourceConnection information not to be in the appsettings.json file in plain text.

I only found this article that was tried with Azure manage identity: https://community.thinkwisesoftware.com/installation-11/azure-managed-identity-for-iam-indicium-1289

I’m looking for another alternative from the suggested in the above article from using only a plain text for the username and password in the MetaSourceConnection section.

Regards

Michalis Perrott

Thank you Mark,

This information is missing from the online documentation, this is very useful to have known in advance during the installation :) .

I have tested it and it is working. Can I assume that also other parts of the appsettings.json file can be placed in the same manner in the webapp application setting? e.g. EMAIL  SMTP?

It is safe to assume it is. You can try it out and let us know in this thread 

Keep note of the double underscores in the settings.

I’m pleased to let you know that I have transferred all the below configuration and everything is working as expected.

With this movement of configuration Upgrading is so much easier.

Only automation I need to implement is for the images/icons/logos that need to be replaced in Indicium and Universal after upgrade, and the replacement of the name of “Universal” in the index.html file of Universal.

Thanks a million Mark.

Maybe a tip of interest; What we currently do is commit an updated GUI to a Git repository and let a build automation tool (Bamboo) add/update some assets using PowerShell scripts, returning a .zip file which we then directly can upload to Azure (that even could be done by using the automation tool). The only manual labour is now do a check-in in of the updated GUI files, the build automation should take care of the rest.

Thanks Rene.

I was planning to use Jenkins as I’m more familiar with it.

Thank my colleague @Barry , he's the one to find out all this  We are happy to help

Mark Jongeling wrote:

Hi Michalis,

Within Thinkwise it has been tested and the following solution will solve your problem. This way the credentials are securely stored in the Application settings in the Azure WebApp.

When you have Indicium (Universal) in Azure as WebApp, you can go into the Application Settings and add the following settings. Note: the Names have double underscores e.g. MetaSourceConnection__Database

The appsettings.json can like the following:

{
  "Logging": {
    "ApplicationInsights": {
      "LogLevel": {
        "Default": "Information",
        "System": "Information",
        "Microsoft": "Warning",
        "Indicium": "Debug"
      }
    },
    "IncludeScopes": false,
    "LogLevel": {
      "Default": "Information",
      "System": "Information",
      "Microsoft": "Warning",
      "Indicium": "Debug"
    }
  },
  "MetaSourceConnection": {
    "Server": "",
    "Database": "",
    "PoolUserName": "",
    "PoolPassword": ""
  }
}

To sum it up; 

Create four new application settings named:

1. MetaSourceConnection__Server
2. MetaSourceConnection__Database
3. MetaSourceConnection__PoolUserName
4. MetaSourceConnection__PoolPassword

and give them the value needed.

We will make a blog post about this and the documentation will soon be expanded accordingly. 

Kind regards,
Mark Jongeling

This Best answer, provided by Mark Jongeling, is now documented in topic: Store database user credentials securely.