ASP.NET Core provides tools to help avoid storing sensitive data used during development in source code. Personally, I’m not a big fan of environment variables for storing development secrets, so I have started using the Secret Manager. The Secret Manager is a tool that allows you to store app secrets in a JSON file that lives outside the project tree, but access them through the Configuration API. You should always remember that this JSON file is not encrypted, so never use it for test or production environments. I use it as an easy way to keep my connection strings and other developer-specific data and secrets separate from the code that I commit to the project git repository.
Secret Manager has a nice CLI for managing app secrets for a project and the Visual Studio integration looks pretty solid. However, I use Jetbrains Rider, where the integration picture is less clear. There is a useful plugin which helps, but requires some manual intervention to get started. What follows are the steps I follow to start using Secret Manager in my ASP.NET Core development projects in Rider.
Initialising Secret Manager in a Project
How Secret Manager works is simplicity itself. You assign a unique identifier to your project and a corresponding folder for the unique identifier is created in:
- Mac/Linux: ~/.microsoft/usersecrets
- Windows: %APPDATA%\Microsoft\UserSecrets
A secrets.json file is placed inside this folder.
The unique identifier is stored in your project file, e.g. the .csproj for your ASP.NET Core project.
Given this information, you could initialise Secret Manager by hand. But it would be nice if you didn’t have to. Visual Studio 2017 and up on Windows allows you to do this from the IDE, but neither Rider nor its User Secrets plugin has this ability. How you go about initialising Secret Manager in this case depends on the version of the .NET Core SDK you are using.
ASP.NET Core 3.0 and Above
If you have the .NET Core SDK 3.0.100 or later you can use the .NET Core CLI from the ASP.NET Core project directory.
dotnet user-secrets init
This generates a unique identifier for you (a GUID), creates the folder in the usersecrets folder and adds the unique identifier to your project file.
ASP.NET Core 2.x
If you don’t have a high enough version of the .NET Core SDK installed on your development machine, you can perform the initialisation manually.
- Open your ASP.NET Core project in Rider
- In the Solution Explorer, right-click on the ASP.NET Core project -> Edit -> Edit .csproj. The project file will open.
3. Find the <TargetFramework> element and add the following immediately below it
4. Save and close the csproj file.
Managing User Secrets with the .NET Core User Secrets Plugin for Jetbrains Rider
With the project linked to a User Secrets file it is very straightforward to manage your project’s user secrets. In Rider’s Solution Explorer, right-click on the ASP.NET Core project -> Tools -> Open project user secrets.
This opens the secrets.json file for your project allowing you to add, edit, remove items by hand.