Dealing with secrets in ASP .NET Core

This is a short post to complement my post about the configuration in ASP .NET Core. I’ll write about how to add secret settings to your application. ASP .NET Core created a new concept to deal with this. The first thing I did was to add this to the dependencies in project.json:

"Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-rc1-final"

Then inside the constructor of the Startup class I added:

if (env.IsDevelopment())
{
builder.AddUserSecrets();
}

Then I added something like this to project.json:

  "userSecretsId": "idsrv-demo",

This is an ID for the secret storage of your application.

Next, I installed the latest version of runtime and set the alias to point at it, all in one command. The command was:

dnvm upgrade

The next step was adding a global command user-secret by executing the following command:

dnu commands install Microsoft.Extensions.SecretManager

As a result, I can add secret settings with commands like this:

 user-secret set GoogleIdentityProvider:ClientId "342665198077-2lb7ai2oljrojkia5ob4e4kf0rnkeo33.apps.googleusercontent.com"

In this command, GoogleIdentityProvider:ClientId is a hierarchical key for the setting where the hierarchy is built by the colon. You can see all your secret settings with the command user-secret list executed in the root folder of the project.

I just want to point out that I did everything on Linux. However, on Windows, other than using this option, you can also add secret settings from Visual Studio by right clicking on the project and then clicking on Manage User Secret and the you can edit file secrets.json which contains all your secret settings assigned to this project.

A good practice is to put all the secret settings somewhere so the other project participants can find out what they should also provide. I added a whole section of my secrets to the file appsettings.json so it looked like this:

 "GoogleIdentityProvider":{
        "ClientId":"",
        "ClientSecret":""          
    }

All you have to do when working with Visual Studio, is copy this section to secrets.json and then provide the correct settings. I could do it even better by putting this secret settings structure in a separate file so it would be more obvious which part of the settings is secret.

In this post, I have written about how I provide secret settings for my application, and in the next post I will write how I use these settings to authenticate user using Google Identity Provider from IdentityServer4.

Related posts:

• Enrolling in "Daj się poznać"
• "Daj się poznać" - Project details"
• I'm holding a Project Rider EAP
• Installing ASP .NET Core 1 on Ubuntu 14.04
• My first ASP NET Core 1.0 web application
• Project setup - server-side
• Project setup - client-side
• Adding styling to my application
• Angular 2 Confirm Dialog Component
• Before going into production
• Publishing to Azure
• Setting up the Web client for Google Identity Platform
• oidc-token-manager library with Google Identity Platform - Part 1
• oidc-token-manager library with Google Identity Platform - Part 2
• Accessing API with token from Google Identity Provider
• How portable is ASP .NET Core 1.0?
• When dotPeek can save your live
• Reading code as if it were a book
• ASP .NET Core Configuration
• Getting started with IdentityServer4
• IdentityServer4 - accessing API
• Dealing with secrets in ASP .NET Core
• Google Identity Provider with IdentityServer4
• Upgrading to Angular2 RC1
• Experimenting with Angular2 CLI
• Migrating to ASP .NET Core RC2
• Epilogue: Daj się poznać series

• Share this article: