Introduction
To use the cloud service we will store some private keys in the configuration files.
appsettings.json already contains a key for TokenSecret that should not be committed in a public repository.
.NET Core has User Secrets which we can use to store application variables outside the application folder.
The file that stores the secrets ends up in one of the following locations:
- Windows: %APPDATA%\microsoft\UserSecrets<userSecretsId>\secrets.json
- Linux: ~/.microsoft/usersecrets/
/secrets.json - Mac: ~/.microsoft/usersecrets/
/secrets.json
Setup a new key
Generate a new GUID for the application (a nice extension is Insert GUID from heaths.vscode-guid)
Open DatingApp.API.csproj and add a key UserSecretsId with the new GUID.
<PropertyGroup>
<TargetFramework>netcoreapp2.1</TargetFramework>
<UserSecretsId>e6bed759-7533-4565-abce-739583090011</UserSecretsId>
</PropertyGroup>Now we are going to generate a new TokenSecret for our authentication.
Remove or rename the TokenSecret key from appsettings.json. To avoid confusion to other developers I choose to set the key to a descriptive value.
...
"AppSettings": {
"TokenSecret": "Set the key in secrets. View README for more info."
},
...dotnet user-secrets set "AppSettings:TokenSecret" "super duper secret key"Verify in the configuration file that the key was added.
cat ~/.microsoft/usersecrets/e6bed759-7533-4565-abce-739583090011/secrets.jsonTo remove a key
dotnet user-secrets remove "wrong:keyname"Usage
In netcore2.1 no additional configuration is necessary. Simply access the key like before.
Configuration.GetSection("AppSettings:TokenSecret").Value