Skip to main content

.NET Core - (User) Secrets Exposed!

Managing credentials is hard. Developers try to keep development credentials separate from Production ones by using weird pre-processor directives or convoluted if...else statements. If you have ever worked with a development team, you know these quickly go out of hand. You might also have used environment variables to define configuration such as a database connection string. These work great but still cause some issue when moving between Windows and Linux OSes. For example, Bash does not like the : based hierarchical structure defined by .NET Core. So you have to replace the : with __ (double underscores). Environment variables are also harder to manage unless you are using a third party tool.

Fortunately, .NET Core 3.0 onward now ships with a built-in Secret Manager. These are called User Secrets and are stored on a per-user (duh!) basis typically at this path %APPDATA%\Microsoft\UserSecrets\<user_secrets_id>\secrets.json. We need not worry about the location of this file as all this is abstracted away from the user.

To enable user secrets on a project, run the following command while present in the same directory where .csproj is present:
dotnet user-secrets init
This adds a UserSecretsId element within a PropertyGroup of the .csproj file. By default, the inner text of UserSecretsId is a GUID. The inner text is arbitrary, but is unique to the project.

Next create a secret in a key/value combination. For example,
dotnet user-secrets set "ConnectionStrings:AppConfig" "MyConnString"
This user secret source is automatically inserted when CreateDefaultBuilder method is called and environment is Development.

To use this secret, you just have to call the Configuration indexer as you would call normally.
public void ConfigureServices(IServiceCollection services)
{ 
    _appConfig = Configuration["ConnectionStrings:AppConfig"]; 
}
To remove a secret or clear all secrets or list the secrets, use the corresponding remove, clear or list commands. If you are using Visual Studio, you can use the “Manage User Secrets” context menu to manage the secrets.

Note that user secrets does not replace any other means of inserting settings in your .NET application. You can still use them together just mindful of the fact that the order in which these settings are loaded defines overriding works.
builder.ConfigureAppConfiguration((hostingContext, config) => 
{ 
   ... 
   config.AddJsonFile("appsettings.json", optional: true, reloadOnChange: true) 

   // Added before AddUserSecrets to let user secrets override 
   // environment variables. 
   config.AddEnvironmentVariables(); 
}
User Secrets are a great addition to the .NET Core toolbox. They provide a standardized way of managing development secrets without the need to write any extra code or convoluted logic.
Labels:

Comments

Post a Comment

As far as possible, please refrain from posting Anonymous comments. I would really love to know who is interested in my blog! Also check out the FAQs section for the comment policy followed on this site.

Popular posts from this blog

Integrating React with SonarQube using Azure DevOps Pipelines

In the world of automation, code quality is of paramount importance. SonarQube and Azure DevOps are two tools which solve this problem in a continuous and automated way. They play well for a majority of languages and frameworks. However, to make the integration work for React applications still remains a challenge. In this post we will explore how we can integrate a React application to SonarQube using Azure DevOps pipelines to continuously build and assess code quality. Creating the React Application Let's start at the beginning. We will use npx to create a Typescript based React app. Why Typescript? I find it easier to work and more maintainable owing to its strongly-typed behavior. You can very well follow this guide for jsx based applications too. We will use the fantastic Create-React-App (CRA) tool to create a React application called ' sonar-azuredevops-app '. > npx create-react-app sonar-azuredevops-app --template typescript Once the project creation is done, we ...
1 comment
Continue Reading >>

Add Git Commit Hash and Build Number to a Static React Website using Azure DevOps

While working on a React based static website recently, there was a need to see exactly what was deployed in the Dev/Test environments to reduce confusion amongst teams. I wanted to show something like this: A quick look at the site's footer should show the Git Commit Hash and Build Number which was deployed and click through to actual commits and build results. Let's see how we achieved this using Azure DevOps. Git Commit Hash Azure DevOps exposes a variable called  $(Build.SourceVersion) which contains the hash of the commit. So I defined a variable in the Build Pipeline using it. Build Id and Build Number Azure DevOps also exposes two release time variables  $(Build.BuildId) and  $(Build.BuildNumber) which can be used to define custom variables in the pipeline. So we have a total of 3 variables defined: Next we use these variables in our React App. I created 3 global variables in index.html and assigned a token value to them. < script   type = "text/JavaScri...
Post a Comment
Continue Reading >>

Use AI to build your house!

When a new housing society emerges, residents inevitably create chat groups to connect and share information using various chat apps like WhatsApp and Telegram. In India, Telegram seems to be the favorite as it provides generous group limits, admin tools, among other features. These virtual communities become treasure troves of invaluable insights. But whatever app you use, there is always a problem of finding the right information at right time. Sure, the apps have a "Search" button, but they are pretty much limited to keyword search and are useless when you have to search through thousands of messages. I found myself in this situation when it was my turn to start on an interior design project for my home. Despite being part of a vibrant Telegram group, where countless residents had shared their experiences with various interior designers and companies, I struggled to unearth the pearls of wisdom buried within the chat's depths. I remembered that I could take advantage o...
Post a Comment
Continue Reading >>