Using .Net Core User Secrets to Hold Confidential Data

When programming most applications, there are some configuration items you’d rather not share with the world, for example when you push the repository to github. For example, a secret APIKey needed to access an API, or a database connection string containing a username and password.

.Net Core gleans configuration settings from a variety of sources. There’s the appsettings.json file, the environment, the command line, and something called User Secrets.

Visual Studio creates User Secrets automatically when you right-click on the project and select Manage User Secrets. This will open a secrets.json file you can edit just like appsettings.json.

One cool thing about using User Secrets is that you can add setting in appsettings.json to let the github user know what settings are required, and your User Secrets settings will override them. So you might have this in appsettings.json:

// These two settings should be overridden by settings in User Secrets.
"ConnectionStrings": {
    "ProjectsDBConnectionString": "Server=[YOUR SQL SERVER NAME];Database=[YOUR DB NAME];Trusted_Connection=true;"

Here’s a good video on the IConfiguration class.

You may also like...