Jan 08, 2021 11:35 PM|artem_s|LINK
where i am storing an smtp password + when i publish the application to a shared host provider, i will add an sql server username and password inside the appsettings.json's connection string.
Seems like you're not on AWS or Azure, otherwise I'd recommend using their corresponding secret management solutions.
There's been plenty of responses in this thread strongly advising against storing passwords in the configuration. There's a number of issues with that approach, but two major ones are:
By using a secret management service, you avoid these both issues. In case you may consider that approach, I could suggest these tow articles that I written to cover use of secrets managers with ASP.NET Core specifically:
Hope it helps!
PS I summarised these above points and a bit more in this SO answer:
How can I secure passwords stored inside web.config?