
User Secret management in ASP.NET Core

.NET Core introduces the Secret Manager tool for storing user secrets during development. It helps developers keep secrets and other sensitive settings in a separate file rather than in appsettings.json. You shouldn't store IDs, secret keys, passwords or any other sensitive data in source code; store them in a separate file instead, and this is where the Secret Manager tool comes in handy. It helps prevent sensitive data from being checked in to source control. ASP.NET Core also uses this tool to manage user secrets during development. With the Secret Manager tool you can associate app secrets with a specific project and share them across multiple projects. User secrets are stored as JSON data (like what you see in appsettings.json).

Let's see what you need to do to install the Secret Manager tool and how you can use it in your application.

In project.json, add the Secret Manager tool to the tools section and restore your project.

Now you have added the tool for managing user secrets. You can see what the Secret Manager tool can do using the following command.

The Secret Manager tool will display its usage, options and command help.

Before adding user secrets you need to add a userSecretsId for your project in project.json. The Secret Manager tool operates on project-specific configuration settings that are stored in your user profile. Generally the value of userSecretsId should be unique; if it matches another project's userSecretsId on your machine, you will end up using that project's user secrets. So make it unique unless you need to share user secrets between multiple projects.

Now let’s add secrets:

The set command above sets a user secret to the specified value. It takes two parameters: the first is the key and the second is the value. There are three other important commands that you should know.

Now let's see how you can access user secrets in your application.

You need to add the Microsoft.Extensions.Configuration.UserSecrets package as a dependency in your project.json file and save; Visual Studio will then restore the package.

Now you can access secrets from the Secret Manager through the configuration system. Let's add the required configuration in the Startup.cs file.

Here we configured the application to use user secrets from the Secret Manager tool only when the application is in the development environment. In the production environment it will read secrets from appsettings.json or appsettings.production.json (the production appsettings file needs to be added manually).

Now you can access the secret data via the configuration API.
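The configuration and lookup described above, as an added example that is not code from the original post. It assumes the project.json-era (1.0) packages, where the parameterless `AddUserSecrets()` reads userSecretsId from project.json; the key name `ExampleService:ApiKey` is hypothetical.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;

public class Startup
{
    // Hypothetical key name used only in this example.
    private const string ApiKeyName = "ExampleService:ApiKey";

    public IConfigurationRoot Configuration { get; }

    public Startup(IHostingEnvironment env)
    {
        var builder = new ConfigurationBuilder()
            .SetBasePath(env.ContentRootPath)
            .AddJsonFile("appsettings.json", optional: true)
            .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);

        // Sources added later override earlier ones, so in Development a
        // user secret wins over the same key in appsettings*.json.
        if (env.IsDevelopment())
        {
            // Assumes the 1.0 UserSecrets package, which reads userSecretsId
            // from project.json; later versions use AddUserSecrets<Startup>().
            builder.AddUserSecrets();
        }

        Configuration = builder.Build();

        // Fail at startup, not at first use, when the value is missing.
        if (string.IsNullOrEmpty(Configuration[ApiKeyName]))
        {
            throw new InvalidOperationException(
                $"Configuration value '{ApiKeyName}' is not set.");
        }
    }

    public void Configure(IApplicationBuilder app)
    {
        // Read the secret by key like any other setting; never echo it back.
        var configured = !string.IsNullOrEmpty(Configuration[ApiKeyName]);
        app.Run(ctx => ctx.Response.WriteAsync($"API key configured: {configured}"));
    }
}
```

Because the colon in the key is the configuration hierarchy separator, the same value can come from a nested `ExampleService` section in appsettings.production.json when the app is not running in Development.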

You can also see the user secrets file on your machine. In the current version, the values are stored in a JSON configuration file in the user profile directory:

  • Windows: %APPDATA%\microsoft\UserSecrets\<userSecretsId>\secrets.json
  • Linux: ~/.microsoft/usersecrets/<userSecretsId>/secrets.json
  • Mac: ~/.microsoft/usersecrets/<userSecretsId>/secrets.json

The value of userSecretsId is the ID that you configured earlier in project.json. You can also view the secrets file right from Visual Studio: right-click your project and click Manage User Secrets.

You can add new values or edit existing ones from here too. To make sure the changes actually took effect, go to the CLI and view all user secrets with the list command.

Now check the value of the updated key.

Quick note: The Secret Manager tool does not encrypt the stored secret data and should not be treated as a trusted store. It is for development purposes only. Hopefully it will be encrypted someday.

That's it. This is how you can use the Secret Manager tool in your application to manage secrets in the development environment.

Happy Coding 🙂