
Protecting sensitive data using Secret Manager in .NET Core

bitsmonkey ・1 min read

Accidentally pushing sensitive data stored in application config into source control!!! Thankfully this happens to many people, not only you 😜. It feels good to have company when making mistakes, or in anything else.

So here is how to make sure this does not happen again. There are multiple ways to protect such data; the one we will learn now is the Secret Manager tool in #dotnetcore.

All we have to do is use the dotnet user-secrets command. Before using it, remove the sensitive value of the property you are trying to hide.

In my case it is "TwilioAuthToken":"" in the appsettings.json file.

Now run the command below in the terminal:

dotnet add package Microsoft.Extensions.SecretManager.Tools

We now have the tools required to run user-secrets commands.

Let's create a key-value vault for our project in the *.csproj file like this:

<PropertyGroup>
  <UserSecretsId>LocalKeyVault</UserSecretsId>
</PropertyGroup>

Once you have a vault created, we can add/remove key-value pairs using this command:

dotnet user-secrets set "TwilioAuthToken" "<secretcodegoeshere>"

In case you have settings grouped like this:

"Telegram":{
    "TelegramBaseAddress":"https://api.telegram.org/bot",
    "TelegramAPIKey":""
  }

use the command this way:

dotnet user-secrets set "Telegram:TelegramAPIKey" "<secretcodegoeshere>"

Done! Now accessing this using configuration["TwilioAuthToken"] gets me the config value from %AppData%\Microsoft\UserSecrets\LocalKeyVault\secrets.json, which I am sure is not gonna get checked in mistakenly 😜
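A check for the "remove the sensitive value" step, written as an added example that is not part of the original post: it flattens appsettings.json into the same colon-delimited keys that dotnet user-secrets set takes and reports any secret-looking key that still holds a value. The key-name pattern, the function names and the sample value are assumptions, and the file is assumed to be comment-free JSON.

```python
import json
import re
import sys
from pathlib import Path

# Assumed heuristic: key names that usually hold credentials.
SENSITIVE = re.compile(r"token|apikey|api_key|secret|password", re.I)


def flatten(node, prefix=""):
    """Yield (key, value) pairs with colon-delimited keys, e.g. Telegram:TelegramAPIKey."""
    if not isinstance(node, (dict, list)):
        yield prefix, node
        return
    items = node.items() if isinstance(node, dict) else enumerate(node)
    for name, child in items:
        yield from flatten(child, f"{prefix}:{name}" if prefix else str(name))


def leaked_keys(appsettings_text):
    """Return secret-looking keys that still carry a non-empty string value."""
    settings = json.loads(appsettings_text)
    return sorted(
        key for key, value in flatten(settings)
        if SENSITIVE.search(key.rsplit(":", 1)[-1])
        and isinstance(value, str) and value.strip()
    )


# Constructed sample: the post's keys, with one value left in by mistake.
SAMPLE = """{
  "TwilioAuthToken": "",
  "Telegram": {
    "TelegramBaseAddress": "https://api.telegram.org/bot",
    "TelegramAPIKey": "constructed-not-a-real-key"
  }
}"""


def main(argv):
    text = Path(argv[1]).read_text(encoding="utf-8") if len(argv) > 1 else SAMPLE
    leaks = leaked_keys(text)
    for key in leaks:
        print(f'{key} still has a value; move it with: dotnet user-secrets set "{key}" "<value>"')
    return 1 if leaks else 0  # non-zero exit lets a pre-commit hook block the commit


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with the path to appsettings.json as the only argument; without one it checks the constructed sample.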

-Originally Blogged on Bitsmonkey
-Photo by Micah Williams on Unsplash

Discussion


Avoiding that accidental commit is huge! Appreciate you dropping this information.