key is saved in base64 in appsettings just to give an idead that it should be encrypted and the key can be placed in a secure centralized place

HasanJaved-Developer · HasanJaved-Developer · commit d57750acfc9c · 2025-09-01T16:44:36.000+05:00
diff --git a/UserManagementApi/Program.cs b/UserManagementApi/Program.cs
@@ -30,6 +30,9 @@
 builder.Services.Configure<JwtOptions>(builder.Configuration.GetSection("Jwt"));
 var jwt = builder.Configuration.GetSection("Jwt").Get<JwtOptions>()!;
 
+var keyBase64 = builder.Configuration["Jwt:KeyBase64"]!;
+var keyPlain = Encoding.UTF8.GetString(Convert.FromBase64String(keyBase64));
+
 builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
     .AddJwtBearer(opt =>
     {
@@ -40,7 +43,7 @@
             ValidateIssuerSigningKey = true,
             ValidIssuer = jwt.Issuer,
             ValidAudience = jwt.Audience,
-            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwt.Key)),
+            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(keyPlain)),
             ClockSkew = TimeSpan.Zero
         };
     });
diff --git a/UserManagementApi/appsettings.json b/UserManagementApi/appsettings.json
@@ -27,7 +27,7 @@
   "Jwt": {
     "Issuer": "PermsApi",
     "Audience": "PermsApiAudience",
-    "Key": "very_long_dev_key_change_in_prod_1234567890",
+    "KeyBase64": "dmVyeV9sb25nX2Rldl9rZXlfY2hhbmdlX2luX3Byb2RfMTIzNDU2Nzg5MA==",
     "ExpiresMinutes": 60
   }
 

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@`
`27`	`27`	`"Jwt": {`
`28`	`28`	`"Issuer": "PermsApi",`
`29`	`29`	`"Audience": "PermsApiAudience",`
`30`		`- "Key": "very_long_dev_key_change_in_prod_1234567890",`
	`30`	`+ "KeyBase64": "dmVyeV9sb25nX2Rldl9rZXlfY2hhbmdlX2luX3Byb2RfMTIzNDU2Nzg5MA==",`
`31`	`31`	`"ExpiresMinutes": 60`
`32`	`32`	`}`
`33`	`33`