on Secrets, local development and ASP.NET Core
Storing secrets in source control is something to avoid. Secrets stored in git can easily be inadvertently shared though a fork or push to a public origin, and they are easily found in-bulk by anyone with read access to the repo.
For .NET developers that need secrets on their local machine, leverage
dotnet user-secrets to store secrets that can be easily retrieved through configuration. For Mac users, secrets are stored in
From your project’s source directory, run this command. It only needs to be run once.
dotnet user-secrets init
Set a secret from command-line/terminal
From your project’s source directory
dotnet user-secrets set "db:password" "VerySecurePassword!0!"
Retrieve secret in code
var password = Configuration["db:password"];
Thanks for reading! If you found my content useful, spread the word!