EP 36 : How to manage User Secrets in ASP.NET Core Web API

Read Time : 2 Mins

About today’s newsletter :

In today’s newsletter we are going to discuss:

• Why should we hide user secrets

• What benefits we get by securing

• Multiple ways to secure information

• Securing data via user secrets file in local development

Why should we hide the user secrets

When developing an ASP .NET Core application, the user secrets feature is essential for safeguarding sensitive information such as database credentials and API keys.

Unlike storing these secrets directly in configuration files like appSettings.json, we should keep them at a safe place.

This prevents unintentional exposure of sensitive details when pushing code to version control, ensuring a safer development environment.

Benefits of securing the secrets

Keeping data secure gives us following benefits:

1/ Enhanced Security
2/ Version Control Safety
3/ Development Flexibility

Multiple options to secure appsetting information

We have multiple ways to keep data secure :

1/ Azure Key Vault
2/ AWS Secrets Manager
3/ Using .NET user secrets manager

Securing data via user secrets file

We can secure our data in just three simple steps.

STEP 1 - Create File

Right click on your project in visual studio and you would see an option of ‘Manage User Secrets’, click on it.

It will automatically install following nuget package

Microsoft.Extensions.Configuration.UserSecrets

STEP 2 - Add Secrets

It will open up an empty file, you have to move your information here that you wanna hide.

Now you would be able to see a secret id in csproject file like this and your secret file resides at different place, not in the code.

This Id is used to retrieve the information, nothing else goes with code.

If same information was found in app settings and user secrets then user secrets would be read.

STEP 3 - Start using information with Options Pattern/IConfiguration

Start reading the data from user-secrets in the same way as we do for appsetting either Options pattern or IConfiguration.

This is best way to secure your secrets in local development environment instead of going for cloud options.

Whenever you’re ready, there are 2 ways I can help you

1. Promote yourself to 7500+ subscribers by Sponsoring my Newsletter

2. Become a Patron and get access to 160+ .NET Questions and Answers

---

Special Offers

1. Pragmatic Clean Architecture: Learn how to confidently ship well-architected production-ready apps using clean architecture. [ 10% discount with promo code MUWAS]

2. Ultimate ASP.NET Core Web API Second Edition - Premium Package [10% discount with promo code 9s6nuez]

---

Knowledge that is not acted upon is worthless - Ibn Arabi

Comments

[Praveen Raj S G]

Very useful article!