Click here to Skip to main content
14,242,925 members

ASP.NET Core 2.0 Secret Manager

Rate this:
3.48 (5 votes)
Please Sign up or sign in to vote.
3.48 (5 votes)
31 Aug 2017CPOL
How do you securely store configuration settings without exposing them to source control in ASP.NET Core. Continue reading...

Problem

How do you securely store configuration settings without exposing them to source control in ASP.NET Core.

Solution

Create an empty project and right-click on project solution and click “Manager User Secrets”:

This will open the secrets.json file, add a setting name/value pair:

{
  "SecretSetting":  "SecretValue"
}

Add a POCO for these application settings:

public class AppSettings
    {
        public string SecretSetting { get; set; }
    }

Then, inject configuration settings in the constructor for Startup class:

public static IConfiguration Config { get; private set; }

        public Startup(
            IConfiguration config)
        {
            Config = config;
        }

Then add option services in ConfigureServicees() method of Startup class:

public void ConfigureServices(
            IServiceCollection services)
        {
            services.AddOptions();
            services.Configure<AppSettings>(Config);
        }

Next, inject settings as IOptions<T> interface, where T is your POCO for settings:

public static class UseMiddlewareExtensions
    {
        public static IApplicationBuilder UseHelloWorld(this IApplicationBuilder app)
        {
            return app.UseMiddleware<HelloWorldMiddleware>();
        }
    }

    public class HelloWorldMiddleware
    {
        private readonly RequestDelegate next;
        private readonly AppSettings settings;

        public HelloWorldMiddleware(
            RequestDelegate next,
            IOptions<AppSettings> options)
        {
            this.next = next;
            this.settings = options.Value;
        }

        public async Task Invoke(HttpContext context)
        {
            var jsonSettings = JsonConvert.SerializeObject(this.settings);
            await context.Response.WriteAsync(jsonSettings);
        }
    }

Setup the middle in Configure() method of Startup class:

public void Configure(
            IApplicationBuilder app, 
            IHostingEnvironment env)
        {
            app.UseHelloWorld();
        }

Running the sample application gives you the following output:

Discussion

I discussed in the previous post how configuration settings can be stored in configuration files. However, these files are checked in the source control and not suitable to store confidential settings. In a production environment, these settings can be stored in environment variables or Azure Key Vault however, for development ASP.NET Core provides an alternate solution: Secret Manager.

Secret Manager lets developers store configuration settings in secrets.json file, which isn’t checked-in the source control. The secrets.json file is stored in AppData folder, you could see the exact path by hovering your mouse over the file tab in VS 2017. An important point to note is that the settings are stored in plain text. This file is read by the runtime when loading configuration during building the WebHost, as discussed here.

CLI

You could also use the CLI command dotnet user-secrets to manage the secret settings. In order to do that, first add the following to .csproj:

<ItemGroup>
    <DotNetCliToolReference Include="Microsoft.Extensions.SecretManager.Tools" 

    Version="2.0.0" />
  </ItemGroup>

Now, you could use the following commands to manage the secrets:

CommandDescriptionExample
listList all the secretsdotnet user-secrets list
setAdd/update user secretdotnet user-secrets set SecretSetting “SecretValue”
removeRemoves a secretdotnet user-secrets remove SecretSetting
clearRemove all secretsdotnet user-secrets clear

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Tahir Naushad
Software Developer (Senior)
United Kingdom United Kingdom
Qualified and skilled professional with experience working as a Software Developer, Technical Lead and Architect. I have worked on windows, web and distributed applications using the latest set of technologies within the Microsoft .NET ecosystem. I have lead teams using agile methodologies and trained developers in writing well-designed and maintainable software applications.

Currently focusing on C#, ASP.NET Core, EF, JavaScript, React, Azure, Domain Driven Design and Microservices.

Comments and Discussions

 
-- There are no messages in this forum --
Technical Blog
Posted 31 Aug 2017

Tagged as

Stats

6.8K views
2 bookmarked