User Secrets in ASP.NET Core With Jetbrains Rider

Alastair Christian
Oct 23, 2019 · 3 min read

ASP.NET Core provides tools to help avoid storing sensitive data used during development in source code. Personally, I’m not a big fan of environment variables for storing development secrets, so I have started using the Secret Manager. The Secret Manager is a tool that allows you to store app secrets in a JSON file that lives outside the project tree, but access them through the Configuration API. You should always remember that this JSON file is not encrypted, so never use it for test or production environments. I use it as an easy way to keep my connection strings and other developer-specific data and secrets separate from the code that I commit to the project git repository.

Secret Manager has a nice CLI for managing app secrets for a project and the Visual Studio integration looks pretty solid. However, I use Jetbrains Rider, where the integration picture is less clear. There is a useful plugin which helps, but requires some manual intervention to get started. What follows are the steps I follow to start using Secret Manager in my ASP.NET Core development projects in Rider.

Initialising Secret Manager in a Project

How Secret Manager works is simplicity itself. You assign a unique identifier to your project and a corresponding folder for the unique identifier is created in:

  • Mac/Linux: ~/microsoft/usersecrets
  • Windows: %APPDATA%\Microsoft\UserSecrets

A secrets.json file is placed inside this folder.

The unique identifier is stored in your project file, e.g. the .csproj for your ASP.NET Core project.

Given this information, you could initialise Secret Manager by hand. But it would be nice if you didn’t have to. Visual Studio 2017 and up on Windows allows you to do this from the IDE, but neither Rider nor its User Secrets plugin has this ability. How you go about initialising Secret Manager in this case depends on the version of the .NET Core SDK you are using.

If you have the .NET Core SDK 3.0.100 or later you can use the .NET Core CLI from the ASP.NET Core project directory.

dotnet user-secrets init

This generates a unique identifier for you (a GUID), creates the folder in the usersecrets folder and adds the unique identifier to your project file.

If you don’t have a high enough version of the .NET Core SDK installed on your development machine, you can perform the initialisation manually.

  1. Open your ASP.NET Core project in Rider
  2. In the Solution Explorer, right-click on the ASP.NET Core project -> Edit -> Edit .csproj. The project file will open.

3. Find the <TargetFramework> element and add the following immediately below it <UserSecretsId>{Your-Unique-Identifier}</UserSecretsId>

4. Save and close the csproj file.

Managing User Secrets with the .NET Core User Secrets Plugin for Jetbrains Rider

With the project linked to a User Secrets file it is very straightforward to manage your project’s user secrets. In Rider’s Solution Explorer, right-click on the ASP.NET Core project -> Tools -> Open project user secrets.

This opens the secrets.json file for your project allowing you to add, edit, remove items by hand.


Unleashing potential with technology

Alastair Christian

Written by

Aussie in South Africa. COO at DataDIGEST. Occasional writer. General observer.


Unleashing potential with technology

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade