Alternatives to SecureString?

Question

I want to use SecurityString for store some confidential data.

We don't recommend that you use the SecureString class for new development.

So I would like to know if there are alternatives to SecureString?

From the [GitHub page on Secure String](https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md): "Don't use SecureString for new code. When porting code to .NET Core, consider that the contents of the array are not encrypted in memory. The general approach of dealing with credentials is to avoid them and instead rely on other means to authenticate, such as certificates or Windows authentication." — Jamie Taylor, Apr 30 '19 at 12:13

score 4 · Answer 1 · edited Sep 04 '20 at 06:26

4

Recommendation

Don't use SecureString for new code. When porting code to .NET Core, consider that the contents of the array are not encrypted in memory.

The general approach of dealing with credentials is to avoid them and instead rely on other means to authenticate, such as certificates or Windows authentication.

https://github.com/dotnet/platform-compat/blob/master/docs/DE0001.md

edited Sep 04 '20 at 06:26

Pang

9,073
146
84
117

answered Apr 30 '19 at 12:12

evilGenius

947
1
6
15

1

This doesn't help when credentials are not what is being stored as a secret. – ryanwebjackson Jan 20 '22 at 20:35
1

@ryanwebjackson - Take a look at [this](https://stackoverflow.com/a/15342230/1016343). It shows some alternatives. – Matt Jan 21 '22 at 07:43

Alternatives to SecureString?

1 Answers1