ASPNET Core User Secrets

One of things I recently know: ASPNET Core user secrets.

I took over another ASPNET Core project. As usual, I did a normal routine

  1. Check out the code from repository
  2. Compile and hit F5

Oops! It compiled but an exception was thrown at runtime. Usually, the configuration was wrong because the code was now running on my machine. I checked the source and looked for the appsettings.json or appsettings.development.json file. Bad news! They were not there.

How could the other developers run it locally? Were there any secrets? Apparently, yes there was a User Secret.

<PropertyGroup>
  <TargetFramework>netcoreapp3.1</TargetFramework>
  <UserSecretsId>79a3edd0-2092-40a2-a04d-dcb46d5ca9ed</UserSecretsId>
</PropertyGroup>

And here is the complete article from Microsoft Docs. Once I read it, Aha! It has been around for a while. Just that I was behind the bar.

The purpose is clear. It enforces security by preventing accidental commits to repository. There are connection strings, credentials, passwords, … all kind of sensitive information. It is so easy to make a mistake and push them into the remote repositories.

However, I had a secret problem. There are more than 15 settings. Adding them one by one is not a pleasure task. Note that there was a configuration file with all default settings. If every developer names their database, port, folder, … consistently, the configuration is the same. I had that file by asking other developers. How do I import them into my secrets?

  1. Open the secret folder at %appdata%\Microsoft\UserSecrets\
  2. Find the folder with the secret ID
  3. Copy the appsettings.development.json file to it and rename to secrets.json. Delete the existing one if exists

And it works perfectly. If there are differences in configuration between branches, be aware of updating the secrets.

The secrets are revealed!