Ben Oram

Quick notes on tech, AWS, .NET & containers

on Secrets, local development and ASP.NET Core

Storing secrets in source control is something to avoid. Secrets stored in git can easily be inadvertently shared though a fork or push to a public origin, and they are easily found in-bulk by anyone with read access to the repo.

For .NET developers that need secrets on their local machine, leverage dotnet user-secrets to store secrets that can be easily retrieved through configuration. For Mac users, secrets are stored in ~/.microsoft/usersecrets


From your project’s source directory, run this command. It only needs to be run once.

dotnet user-secrets init

Set a secret from command-line/terminal

From your project’s source directory

dotnet user-secrets set "db:password" "VerySecurePassword!0!"

Retrieve secret in code

var password = Configuration["db:password"];


Thanks for reading! If you found my content useful, spread the word!