This .NET blog post shows how to protect secrets such as access tokens, passwords, and other sensitive information using the .NET Secret Manager.
Using the built-in .NET Secret Manager and the .NET CLI, we can create a local secret vault and store sensitive information. This method is good for local development and when applications run on a single server using server-client architecture.
Enable Secret Manager Vault
To create and initialize a local vault for a project, run the following .NET CLI command from the main .NET project directory.
dotnet user-secrets init
If you click on the project file (.csproj), you will see that a new line, UserSecretsId, was added to the project file. This line links the local secret vault to the project.
<PropertyGroup>
  <OutputType>Exe</OutputType>
  <TargetFramework>net8.0</TargetFramework>
  <ImplicitUsings>enable</ImplicitUsings>
  <Nullable>enable</Nullable>
  <UserSecretsId>2c8724b9-0174-4351-975e-c65e7683727b</UserSecretsId>
</PropertyGroup>
Add Secret
To add a secret to the local vault, we use the dotnet user-secrets set command.
dotnet user-secrets set "AzureAd:ClientSecret" "[secret value]"
To access a secret in a .NET application, we use the following.
// config is the application's IConfiguration instance; the key matches the one set above
var clientSecret = config["AzureAd:ClientSecret"];
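A complete console program for the access step above, as an added example that is not part of the original post. It assumes a plain console project with no host builder, so config is built by hand, and that the Microsoft.Extensions.Configuration.UserSecrets and Microsoft.Extensions.Configuration.EnvironmentVariables packages are referenced; RequireSecret is a hypothetical helper name.

```csharp
// Added example, not code from the original post.
// Assumed packages:
//   dotnet add package Microsoft.Extensions.Configuration.UserSecrets
//   dotnet add package Microsoft.Extensions.Configuration.EnvironmentVariables
using Microsoft.Extensions.Configuration;

// Later providers override earlier ones, so an environment variable named
// AzureAd__ClientSecret (double underscore maps to ':') wins over the local
// vault. The Secret Manager keeps values unencrypted in a secrets.json file
// under the user profile, keyed by the UserSecretsId from the .csproj.
IConfiguration config = new ConfigurationBuilder()
    // optional: true -> do not throw when no UserSecretsId is present
    .AddUserSecrets<Program>(optional: true)
    .AddEnvironmentVariables()
    .Build();

// Fail at startup if the secret is missing instead of sending an empty
// credential to the identity provider later on.
string clientSecret = RequireSecret(config, "AzureAd:ClientSecret");

// Report that the value was loaded without writing the value itself to
// the console or to logs.
Console.WriteLine("AzureAd:ClientSecret loaded.");

// Hypothetical helper: returns the configured value or throws with a hint.
static string RequireSecret(IConfiguration configuration, string key)
{
    string? value = configuration[key];

    // Also reject the literal placeholder from the command shown above,
    // which is easy to paste by mistake.
    if (string.IsNullOrWhiteSpace(value) || value == "[secret value]")
    {
        throw new InvalidOperationException(
            $"Configuration value '{key}' is not set. " +
            $"Run: dotnet user-secrets set \"{key}\" \"<value>\"");
    }

    return value;
}
```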