Hello again, fellow developers!
What a beautiful Sunday to dive into the topic of security! I understand that many of you are in the process of developing fantastic .NET applications with a myriad of integration services like Google Cloud Platform, databases, APIs, and more. Each integration brings its set of keys, passwords, and sensitive information, all residing in your appsettings.json file, just waiting for the wrong hands to get hold of them, potentially compromising your integrations and security.
Imagine this scenario: you've just completed an incredible feature and are eager to push it to your public GitHub repository. But then, a moment of panic hits you as you remember that your appsettings.json contains sensitive data. You can't risk exposing it to the public. So, you're faced with the tedious task of scrubbing your configuration clean before publishing. And to make matters worse, every time you start working again, you must reconfigure everything or maintain a separate copy of your appsettings on your local PC.
But fear not, my friends, for the Microsoft team has come to the rescue with something truly remarkable: user secrets.
What is it?
Dotnet user secrets is a command-line tool that securely stores sensitive data in a separate location from your project. The beauty of it is that you can easily access this sensitive information without needing to make any changes to your project itself. Intrigued?
How does it work?
Setting up user secrets is incredibly straightforward, I can assure you! To get started, all you need to do is run the init command within your project folder.
dotnet user-secrets init
After running the init command, you'll notice that your .csproj file will have a UserSecretsId element inside the PropertyGroup, something along these lines:
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
<UserSecretsId>79a3edd0-2092-40a2-a04d-dcb46d5ca9ed</UserSecretsId>
</PropertyGroup>
Once you've initiated user secrets, you can start adding your "secrets." To add a new secret, use the set command, and make sure to include a key-value attribute like this:
dotnet user-secrets set "ConnectionString" "XYz"
We can consider secrets as similar to our AppSettings.json. For instance, let's say we have the following item configured in it:
You can effortlessly execute the following commands to store the two connection strings in our secrets vault:
dotnet user-secrets set "ConnectionStrings:MySql" "server=127.0.0.1;uid=root;pwd=12345;database=test"
dotnet user-secrets set "ConnectionStrings:SQL" "Server=myServerAddress;Database=myDataBase;User Id=myUsername;Password=myPassword;"
As we can see, we have literal objects in our key-value pairs. In this example, we define two different properties (MySQL and SQL) with distinct values.
After configuring these key-value pairs, you could completely remove the ConnectionStrings section from the AppSettings, and your code would still function seamlessly. Isn't that amazing?
Now that you've added your secrets to your vault, you might wonder how to access them. Well, the beauty of it is that it doesn't change the way you access your AppSettings. You can still inject the IConfiguration interface into your class and access it in the same familiar way.
You could achieve a similar outcome by adding your keys to environment variables, but with the dotnet user-secrets tool, everything becomes more convenient and streamlined for our day-to-day tasks.
It's pretty awesome, right? If you want to dive deeper into this tool, you can find more information here:
https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-7.0&tabs=linux
There are many more features described that can be incredibly useful for you.
For now, that's all, my friends. I hope you're having a fantastic day!
Keep coding, and I'll see you around!
Top comments (0)