Using .NET Core User Secrets to Hold Confidential Data

In most applications there are some configuration items you’d rather not share with the world when you push the repository to GitHub: a secret API key needed to access an API, for example, or a database connection string containing a username and password.

.NET Core reads configuration settings from a variety of sources: the appsettings.json file, the environment, the command line, and something called User Secrets.

Visual Studio creates User Secrets automatically when you right-click on the project and select Manage User Secrets. This will open a secrets.json file you can edit just like appsettings.json.

One cool thing about using User Secrets is that you can add placeholder settings to appsettings.json to let the GitHub user know what settings are required, and your User Secrets settings will override them. So you might have this in appsettings.json:

{
  // These two settings should be overridden by settings in User Secrets.
  "APIKey": "[YOUR API KEY HERE]",
  "ConnectionStrings": {
    "ProjectsDBConnectionString": "Server=[YOUR SQL SERVER NAME];Database=[YOUR DB NAME];Trusted_Connection=true;"
  }
}
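
A startup check for the override described above, as an added example that is not part of the original post: it loads appsettings.json, then User Secrets, and refuses to start if either setting still holds its placeholder. It assumes the Microsoft.Extensions.Configuration.Json and Microsoft.Extensions.Configuration.UserSecrets packages and a UserSecretsId in the project file; Program, RequiredSecrets and FindPlaceholders are names chosen for the example.

```csharp
// Added example (not from the original post); run from the project directory.
using System;
using System.Collections.Generic;
using System.IO;
using Microsoft.Extensions.Configuration;

public static class Program
{
    // Keys that ship with placeholder values in appsettings.json.
    private static readonly string[] RequiredSecrets =
    {
        "APIKey",
        "ConnectionStrings:ProjectsDBConnectionString",
    };

    public static int Main()
    {
        // Sources added later override earlier ones, so User Secrets win
        // over the placeholders committed in appsettings.json.
        IConfiguration config = new ConfigurationBuilder()
            .SetBasePath(Directory.GetCurrentDirectory())
            .AddJsonFile("appsettings.json", optional: false)
            .AddUserSecrets(typeof(Program).Assembly, optional: true)
            .Build();

        var missing = FindPlaceholders(config);
        if (missing.Count > 0)
        {
            // Report key names only; never write secret values to logs.
            Console.Error.WriteLine("Not overridden: " + string.Join(", ", missing));
            return 1;
        }
        Console.WriteLine("All required secrets are set.");
        return 0;
    }

    // A setting counts as unset if it is empty or still has the "[YOUR" marker.
    public static List<string> FindPlaceholders(IConfiguration config)
    {
        var missing = new List<string>();
        foreach (var key in RequiredSecrets)
        {
            var value = config[key];
            if (string.IsNullOrWhiteSpace(value) || value.Contains("[YOUR"))
                missing.Add(key);
        }
        return missing;
    }
}
```

User Secrets are stored unencrypted in the user profile, outside the project directory, so they keep secrets out of the repository but are meant for development machines only.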

Here’s a good video on the IConfiguration class.
