Jun 25, 2020 09:28 AM|bluMarmalade|LINK
You don't need to encrypt passowrds in appsettings.json. However, the risk of having open passwords there is more about the risk of leaving it exposed if you accidentally commits it to things like Github or leving it open on your computer. This is especially
important if other people have access to your code.
You can use a secret manager (tool) to avvoid this (or always removing the passwords before you commit).
If your server where the app is running is properly secured, no one can see your passwords anyway. At some point the passwords must be decrypted and exposed. the last option would be to store it in a database, where it will be encrypted, but that is not
Secure your server. that is most important. for linux, use best practices like fail2ban, key based logins over ssh. for database connections you should only allow connections from your server's ip (and possibly your development machine). But the level of
security also depends on what kind of sensitive data you have.