Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to deploy ASP.NET Core UserSecrets to production

I followed the Safe storage of app secrets during development guide over on the asp.net docs during development but it does not describe how to use it when publishing to another machine for QA, Production, etc. What I figured it would do was insert them into the appsettings.json during publish but it does not. I ended up having to place my SendGrid keys and other sensitive information directly into the appsettings.json which really defeats the purpose of the app secrets.

Is using app secrets the best way or is there another way to store API keys and SQL user/passwords in my configs?

like image 462
Mitchell Skurnik Avatar asked Sep 23 '16 19:09

Mitchell Skurnik


People also ask

Where are secrets stored in production?

Secrets are stored in a separate configuration file in encrypted form. The secrets are then decrypted at runtime using AWS Key Management Service. This way you can version your secrets along with your application's source code, while avoiding storing secrets in clear text.

Where are secrets stored in .NET Core?

User Secrets is a great feature in ASP.NET Core that is an excellent alternative to using environment variables. User Secrets ensures that there is no sensitive data included in the source code. Instead, the user secrets are stored outside of the project folder — inside the user's profile folder in the file system.

How would you enable secret storage in an ASP.NET Core project?

Enable secret storage The inner text is arbitrary, but is unique to the project. In Visual Studio, right-click the project in Solution Explorer, and select Manage User Secrets from the context menu.


1 Answers

Don't use app secrets in production. Ever. As the article says DURING DEVELOPMENT.

How you publish secrets in production is up to your production environment. Linux, Windows and Azure all support environment variables - that's where your secrets should go, using whatever UI your hosting provider gives you.

The app settings documentation goes into this in greater detail

like image 98
blowdart Avatar answered Sep 26 '22 20:09

blowdart