User Secrets in ASP.NET Core With Jetbrains Rider

Alastair Christian
Oct 23, 2019 · 3 min read
Image for post
Image for post

ASP.NET Core provides tools to help avoid storing sensitive data used during development in source code. Personally, I’m not a big fan of environment variables for storing development secrets, so I have started using the Secret Manager. The Secret Manager is a tool that allows you to store app secrets in a JSON file that lives outside the project tree, but access them through the Configuration API. You should always remember that this JSON file is not encrypted, so never use it for test or production environments. I use it as an easy way to keep my connection strings and other developer-specific data and secrets separate from the code that I commit to the project git repository.

Secret Manager has a nice CLI for managing app secrets for a project and the Visual Studio integration looks pretty solid. However, I use Jetbrains Rider, where the integration picture is less clear. There is a useful plugin which helps, but requires some manual intervention to get started. What follows are the steps I follow to start using Secret Manager in my ASP.NET Core development projects in Rider.

Initialising Secret Manager in a Project

How Secret Manager works is simplicity itself. You assign a unique identifier to your project and a corresponding folder for the unique identifier is created in:

  • Mac/Linux: ~/.microsoft/usersecrets
  • Windows: %APPDATA%\Microsoft\UserSecrets

A secrets.json file is placed inside this folder.

The unique identifier is stored in your project file, e.g. the .csproj for your ASP.NET Core project.

Given this information, you could initialise Secret Manager by hand. But it would be nice if you didn’t have to. Visual Studio 2017 and up on Windows allows you to do this from the IDE, but neither Rider nor its User Secrets plugin has this ability. How you go about initialising Secret Manager in this case depends on the version of the .NET Core SDK you are using.

ASP.NET Core 3.0 and Above

If you have the .NET Core SDK 3.0.100 or later you can use the .NET Core CLI from the ASP.NET Core project directory.

dotnet user-secrets init

This generates a unique identifier for you (a GUID), creates the folder in the usersecrets folder and adds the unique identifier to your project file.

ASP.NET Core 2.x

If you don’t have a high enough version of the .NET Core SDK installed on your development machine, you can perform the initialisation manually.

  1. Open your ASP.NET Core project in Rider
  2. In the Solution Explorer, right-click on the ASP.NET Core project -> Edit -> Edit .csproj. The project file will open.
Image for post
Image for post

3. Find the <TargetFramework> element and add the following immediately below it <UserSecretsId>{Your-Unique-Identifier}</UserSecretsId>

4. Save and close the csproj file.

Managing User Secrets with the .NET Core User Secrets Plugin for Jetbrains Rider

With the project linked to a User Secrets file it is very straightforward to manage your project’s user secrets. In Rider’s Solution Explorer, right-click on the ASP.NET Core project -> Tools -> Open project user secrets.

Image for post
Image for post

This opens the secrets.json file for your project allowing you to add, edit, remove items by hand.

DataDIGEST

Expertise Unleashed

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store