Storing licensing key best practices

Question

https://help.syncfusion.com/common/essential-studio/licensing/how-to-register-in-an-application#server-side-application I have a web assembly blazor application. I have 2 questions1, Where is the recommended place to securely store the license key? Instead of hard coded string because our application is in a public repository. Can you provide a sample2. Can the license key string be stored in azure key vault? if so can you provide a sample     //Register Syncfusion licenseusing Syncfusion.Blazor;
public static async Task Main(string[] args) 
{ 
    //Register Syncfusion license 
    Syncfusion.Licensing.SyncfusionLicenseProvider.RegisterLicense("YOUR LICENSE KEY");  
    var builder = WebAssemblyHostBuilder.CreateDefault(args); 
    builder.RootComponents.Add<App>("app");                               
    builder.Services.AddSyncfusionBlazor(); 
    await builder.Build().RunAsync(); 
}Thank you

Jeyaseelan M · Accepted Answer

Hi Pavel,Q1) Where is the recommended place to securely store the license
key? Instead of hard coded string because our application is in a public
repository. Can you provide a sampleA1) We currently don’t have an option to secure the license keys
which is registered in the project. We have implemented this licensing (key)
validation system to avoid using our products inadvertently. So, you can proceed
to publish your code to GitHub with our license keys.If someone got our license key without Syncfusion
account, he couldn’t able to contact us for any technical support or for any
updates.So, you can use this license key directly in your project.Q2) Can the license key string be stored in azure key vault? if
so can you provide a sampleA2) As of now, our Syncfusion license keys were not compatible with
Azure key vault. Alternatively, you can use the license key in a
configuration file or an environment variable and read it when registering the
application in the project.Let us know if there are any further queries.Regards,Jeyaseelan M

Pavel · Answer

thank you

Ken · Answer

Here is how to get the licence key in Key Vaults and register.

var SecretUri = config["SecretUri"];

var TenantId = config["TenantId"];

var ClientSecret = config["ClientSecret"];

var ClientId = config["ClientId"];

var secretclient = new SecretClient(new Uri(SecretUri), new ClientSecretCredential(TenantId, ClientId, ClientSecret));

KeyVaultSecret keyv = secretclient.GetSecret("SyncfusionLicense");

string _syncfusionlicensekeyvaultvalue = keyv.Value;

Syncfusion.Licensing.SyncfusionLicenseProvider.RegisterLicense(_syncfusionlicensekeyvaultvalue);

Jeyaseelan M · Answer

Hi Ken,Yes, you can store the
Syncfusion license key in azure key vaults and register it in your application.To use the secrets stored in
Azure Key Vault in your application, you can follow these general steps:
 Create an Azure Key
     Vault and add your secrets (Syncfusion License Key) to it.
 Grant your application
     access to the Key Vault and the secrets it needs.
 Modify
     your application code to retrieve the secrets from the Key Vault.
Here's a more detailed
breakdown of each step:Create an Azure Key Vault and add your secrets to
it:a. Sign in to the Azure portal and navigate to the Key
Vault service.
b. Create a new Key Vault or select an existing one. c. Add the secrets (Here Syncfusion License Key) to the Key Vault,
using either the Azure portal or the Azure CLI. When adding a secret, make sure
to give it a descriptive name and a value that is as secure as possible.

Grant your application access to the Key Vault and
the secrets it needs:a. In the Key Vault settings,
add an access policy for your application. This policy will define the
permissions that your application has for accessing secrets in the Key Vault. b. If you're using an Azure-hosted application, you can
assign an Azure Managed Identity to your application and use it to access the
Key Vault. This is a secure way to authenticate your application without having
to manage any credentials.Refer to the below documentation for access to the policy.https://learn.microsoft.com/en-us/azure/key-vault/general/security-features?WT.mc_id=Portal-Microsoft_Azure_KeyVault#access-model-overviewModify
your application code to retrieve the secrets from the Key Vault:
a. Use the Azure Key Vault client library to connect to the Key Vault and
retrieve the secrets you need. The client library provides a simple and secure
way to authenticate to the Key Vault, access secrets, and handle secrets
rotation and versioning.b. Depending on your
application's programming language and framework, you can use the Azure Key
Vault client library for .NET, Java, Python, or any other supported language.

Refer to the following code snippet for more detail.

using Azure.Identity;
  using Azure.Security.KeyVault.Secrets;
  // Replace with your Key Vault URL and secret name
  string vaultUrl = "https://my-key-vault.vault.azure.net/";
  string secretName = "my-secret";
  // Authenticate to Azure using the default credentials
  var credential = new DefaultAzureCredential();
  // Create a new Key Vault client
  var client = new SecretClient(new Uri(vaultUrl), credential);
  // Retrieve the secret by name
  KeyVaultSecret secret = client.GetSecret(secretName);
  // Access the value of the secret
  string secretValue = secret.Value;
  // Use the secret value in your application
  Syncfusion.Licensing.SyncfusionLicenseProvider.RegisterLicense(secretValue);

Please follow the MSDN link for
more details regarding authentication.https://learn.microsoft.com/en-us/dotnet/api/overview/azure/security.keyvault.keys-readme?view=azure-dotnet

Note that you'll need to have the necessary NuGet
packages installed, such as Azure.Identity  and Azure.Security.KeyVault.Secrets , and you may need to configure your Azure Key Vault access
policies to allow your application to access the secrets.By following these steps, you can store the Syncfusion
license key in Azure Key Vault and use them in a secure and reliable way in
your application.

Pavel · Answer

Is the license key required at compile time or at run time?

Jeyaseelan M · Answer

Pavel, Syncfusion license validation occurs only during the
run time and our license
validation process works offline. No internet connection is required for license validation process.Refer
to the below documentation for more details.https://help.syncfusion.com/common/essential-studio/licensing/licensing-faq/is-an-internet-connection-required-for-syncfusion-essential-studio-license-validation

Stavros Dimopoulos · Answer

I have the same problem, how to securely store the license key.Azure Key Vault is not safe if you distribute the Key Vault authentication information with your application.If someone can extract the license key from the application he can also extract the Azure Key Vault authentication information.As
 a result, he will be able to read not only the license key from the key
 vault but additionally he will be able to read any other secret on your
 key vault, especially if the identity has permission to list the 
secrets. UpdateThe solution suggested by Jeyaseellan does not use the ClientSecret so I assume that it is a secure way to store the secret.I just found a SyncFusion article about that:https://help.syncfusion.com/common/essential-studio/licensing/licensing-faq/how-to-securely-store-and-use-syncfusion-license-keys-in-azure-key-vault

Prashanth Sundhar · Answer

Hi Stavros,

Okay, please check and let us know if you are facing any issues using our
license keys with Azure Key Vault.

Regards,
Prashanth S.