Protecting sensitive data using Secret Manager in .Net Core


Accidentally pushing sensitive data stored in application config into source controls!!! Thankfully this happens to many not only you ๐Ÿ˜œ. It feels good when you have company doing mistakes or anything else.

So here is how make sure this does not happen again. There are multiple ways to protect, the one we will learn now is using Secret Manager tool in #dotnetcore.
All we have to do use dotnet user-secrets this command. Before using it remove the sensitive value of the property you are trying to hide.
In my case it is "TwilioAuthToken":"" in appsettings.json file.
Now in the terminal run this below command,
dotnet add package Microsoft.Extensions.SecretManager.Tools
We have the necessary tools required to run the commands on user-secrets.
Lets create a key value vault for our project in *.csproj file like this
<PropertyGroup>
<UserSecretsId>LocalKeyVault</UserSecretsId>
</PropertyGroup>
Once you have a vault create we can now add/remove key value using this command
dotnet user-secrets set TwilioAuthToken secretcodegoeshere
Done! Now accessing this using configuration["TwilioAuthToken"] gets me the config value from %AppData%\Microsoft\UserSecrets\LocalKeyVault\secrets.jsonWhich I am sure is not gonna get checked-in mistakenly๐Ÿ˜œ
-Photo by Micah Williams on Unsplash

Comments

Popular posts from this blog

Launch .Net Core with VSCode for starters

Google Maps