Storing User Secrets in .Net Core

Avinash Karat
3 min readAug 31, 2021

--

Hi folks, in this post, I try to cover how user secrets can be stored in a .Net core application.

During development, it is often necessary to use sensitive data to work with the services that an application depends on. This data can include API keys, database connection passwords, or default administration accounts, and it is used both to access services and to reinitialize them to test application changes with a fresh database or user configuration.

If the sensitive data is included in the C# classes or JSON configuration files, it will be checked into the source code version control repository and become visible to all developers and to anyone else who can see the code —which may mean visible to the world for projects that have open repositories or repositories that are poorly secured.

The user secrets service allows sensitive data to be stored in a file that isn’t part of the project and won’t be checked in to version control, allowing each developer to have their own sensitive data that won’t be accidentally exposed through a version control check-in. Let’s look at how to achieve this.

Step 1:

Prepare the file that will be used to store sensitive data. Open a new PowerShell command prompt and run the commands, in the Platform folder (the folder that contains the Platform.csproj file).

dotnet tool uninstall- -global dotnet-user-secrets

dotnet tool install- -global dotnet-user-secrets

Step 2:

Run this command.

dotnet user-secrets init

Now lets see how we can store a secret:

Just use this format to store your secret.

dotnet user-secrets set “WebService:Id” “MyAccount”

dotnet user-secrets set “WebService:Key” “MySecret123$”

Each secret has a key and a value, and related secrets can be grouped together by using a common prefix, followed by a colon(the : character), followed by the secret name.

After each command, you will see a message confirming that a secret has been added to the secret store. To check the secrets for the project, use the command prompt to run the following command

dotnet user-secrets list

This command produces the following output:

WebService:Key = MySecret123$

WebService:Id = MyAccount

Behind the scenes, a JSON file has been created in the %APPDATA%\Microsoft\UserSecrets folder (or the ~/.microsoft/usersecrets folder for Linux) to store the secrets.

Lets look at how can we read the User Secrets:

User secrets are merged with the normal configuration settings and accessed in the same way. The following statement displays the secrets to the middleware component that handles the /config URL in StartUp.cs.

User secrets are loaded only when the application is set to the Development environment. Edit the launchSettings.json file to change the environment to Development, as shown:

That’s it. Save the changes, restart the ASP.NET Core runtime, and request the http://localhost:5000/config and you can see the result like this:

Conclusion:

Just give it a try and let me know how it goes:

Thanks for reading!

--

--

Avinash Karat

Working professionally as a full stack .Net developer . Also have a keen interest in personal productivity, meditation&personal finance. Here to share things.