Skip to main content

.NET Core - (User) Secrets Exposed!

Managing credentials is hard. Developers try to keep development credentials separate from Production ones by using weird pre-processor directives or convoluted if...else statements. If you have ever worked with a development team, you know these quickly go out of hand. You might also have used environment variables to define configuration such as a database connection string. These work great but still cause some issue when moving between Windows and Linux OSes. For example, Bash does not like the : based hierarchical structure defined by .NET Core. So you have to replace the : with __ (double underscores). Environment variables are also harder to manage unless you are using a third party tool.

Fortunately, .NET Core 3.0 onward now ships with a built-in Secret Manager. These are called User Secrets and are stored on a per-user (duh!) basis typically at this path %APPDATA%\Microsoft\UserSecrets\<user_secrets_id>\secrets.json. We need not worry about the location of this file as all this is abstracted away from the user.

To enable user secrets on a project, run the following command while present in the same directory where .csproj is present:
dotnet user-secrets init
This adds a UserSecretsId element within a PropertyGroup of the .csproj file. By default, the inner text of UserSecretsId is a GUID. The inner text is arbitrary, but is unique to the project.

Next create a secret in a key/value combination. For example,
dotnet user-secrets set "ConnectionStrings:AppConfig" "MyConnString"
This user secret source is automatically inserted when CreateDefaultBuilder method is called and environment is Development.

To use this secret, you just have to call the Configuration indexer as you would call normally.
public void ConfigureServices(IServiceCollection services)
    _appConfig = Configuration["ConnectionStrings:AppConfig"]; 
To remove a secret or clear all secrets or list the secrets, use the corresponding remove, clear or list commands. If you are using Visual Studio, you can use the “Manage User Secrets” context menu to manage the secrets.

Note that user secrets does not replace any other means of inserting settings in your .NET application. You can still use them together just mindful of the fact that the order in which these settings are loaded defines overriding works.
builder.ConfigureAppConfiguration((hostingContext, config) => 
   config.AddJsonFile("appsettings.json", optional: true, reloadOnChange: true) 

   // Added before AddUserSecrets to let user secrets override 
   // environment variables. 
User Secrets are a great addition to the .NET Core toolbox. They provide a standardized way of managing development secrets without the need to write any extra code or convoluted logic.


Popular posts from this blog

Proud to be a Bihari?

After nearly an year, this December I had a chance to visit Bihar. My visits normally consist of resting in my home in Patna and occasional visits to my uncle's place. But this time it was different. I had to go to Gaya to attend my cousin sister's marriage ceremony. Stepping out of Patna made me question - Am I really proud to be a Bihari? Patna is like any other city in India, struggling with pollution, traffic jams, crime, etc. Being snuggled in my bed in Patna had made me forget the reality of what Bihar really is; after all its been nearly 10 years since I had traveled to any town outside of Patna in Bihar. So, the illusion was broken the moment my uncle's brand new Maruti A-Star moved out of outskirts of Patna, to what is supposedly the "National Highway". If you haven't guessed it already, its an apology of a road.

The Art of Ogling

Me and my roommate were returning from a movie theater when I noticed a girl in a black dress and black goggles who seemed to be pretty. Maybe I looked for a second too long at her that I was chided by my roommate. "Dude, don't look at girls like that!!", he said out aloud, much to my embarrassment and his delight. This made me think and write about - How the hell do you look at girls? Let me set the ground rules before you read on. Don't despise men who stare at girls or think of them as perverts. They are doing a public service. This is how it works - Girls spend time, effort and money in buying makeup, clothes and other numerous accessories which make them look good. Have you ever thought why they go through so much trouble?

Centralized Configuration for .NET Core using Azure Cosmos DB and Narad

We are living in a micro services world. All these services are generally hosted in Docker container which are ephemeral. Moreover these service need to start themselves up, talk to each other, etc. All this needs configuration and there are many commercially available configuration providers like Spring Cloud Config Server, Consul etc. These are excellent tools which provide a lot more functionality than just storing configuration data. However all these have a weakness - they have a single point of failure - their storage mechanism be it a file system, database etc. There are ways to work around those but if you want a really simple place to store configuration values and at the same time make it highly available, with guaranteed global availability and millisecond reads, what can be a better tool than Azure Cosmos DB! So I set forth on this journey for ASP.NET Core projects to talk to Cosmos DB to retrieve their configuration data. For inspiration I looked at Steeltoe Con