Published in


User Secrets in ASP.NET Core With Jetbrains Rider

ASP.NET Core provides tools to help avoid storing sensitive data used during development in source code. Personally, I’m not a big fan of environment variables for storing development secrets, so I have started using the Secret Manager. The Secret Manager is a tool that allows you to store app secrets in a JSON file that lives outside the project tree, but access them through the Configuration API. You should always remember that this JSON file is not encrypted, so never use it for test or production environments. I use it as an easy way to keep my connection strings and other developer-specific data and secrets separate from the code that I commit to the project git repository.

Secret Manager has a nice CLI for managing app secrets for a project and the Visual Studio integration looks pretty solid. However, I use Jetbrains Rider, where the integration picture is less clear. There is a useful plugin which helps, but requires some manual intervention to get started. What follows are the steps I follow to start using Secret Manager in my ASP.NET Core development projects in Rider.

Initialising Secret Manager in a Project

How Secret Manager works is simplicity itself. You assign a unique identifier to your project and a corresponding folder for the unique identifier is created in:

  • Mac/Linux: ~/.microsoft/usersecrets
  • Windows: %APPDATA%\Microsoft\UserSecrets

A secrets.json file is placed inside this folder.

The unique identifier is stored in your project file, e.g. the .csproj for your ASP.NET Core project.

Given this information, you could initialise Secret Manager by hand. But it would be nice if you didn’t have to. Visual Studio 2017 and up on Windows allows you to do this from the IDE, but neither Rider nor its User Secrets plugin has this ability. How you go about initialising Secret Manager in this case depends on the version of the .NET Core SDK you are using.

ASP.NET Core 3.0 and Above

If you have the .NET Core SDK 3.0.100 or later you can use the .NET Core CLI from the ASP.NET Core project directory.

dotnet user-secrets init

This generates a unique identifier for you (a GUID), creates the folder in the usersecrets folder and adds the unique identifier to your project file.

ASP.NET Core 2.x

If you don’t have a high enough version of the .NET Core SDK installed on your development machine, you can perform the initialisation manually.

  1. Open your ASP.NET Core project in Rider
  2. In the Solution Explorer, right-click on the ASP.NET Core project -> Edit -> Edit .csproj. The project file will open.

3. Find the <TargetFramework> element and add the following immediately below it <UserSecretsId>{Your-Unique-Identifier}</UserSecretsId>

4. Save and close the csproj file.

Managing User Secrets with the .NET Core User Secrets Plugin for Jetbrains Rider

With the project linked to a User Secrets file it is very straightforward to manage your project’s user secrets. In Rider’s Solution Explorer, right-click on the ASP.NET Core project -> Tools -> Open project user secrets.

This opens the secrets.json file for your project allowing you to add, edit, remove items by hand.




Unleashing potential in the cloud

Recommended from Medium

“We Stopped Working With a Scrum Master and We’re Killing It”

Tell Stories and Give Samples of Your Work

Sell Yourself by Telling Stories

Troubleshooting Kubernetes: The Beginner's Guide

How to Debounce Props With React Hooks

Creating a Progression Framework

GitHub Actions: Beyond CI/CD

Laptop screen showing the GitHub Actions homepage, next to a framed schnauzer picture.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alastair Christian

Alastair Christian

Aussie in South Africa. COO at DataDIGEST. Occasional writer. General observer.

More from Medium

The Facilis framework for dotnet core — the plan

C# Understanding Interfaces + simple mocking + testing (xUnit + NSubstitute)

A better alternative than Signals in Godot with C# + Dependency Injection

ConfIT: Declarative Integration Tests