Ben Oram

Quick notes on tech, AWS, .NET & containers

asp.net core

| 1 min read

Where possible, leverage the Alpine docker image for ASP.NET Code. Out of the box, the image is more secure than the default Debian buster image, and the Alpine images are a bit smaller.

docker pull mcr.microsoft.com/dotnet/aspnet:5.0-alpine

| 1 min read

Storing secrets in source control is something to avoid. Secrets stored in git can easily be inadvertently shared though a fork or push to a public origin, and they are easily found in-bulk by anyone with read access to the repo.

For .NET developers that need secrets on their local machine, leverage dotnet user-secrets to store secrets that can be easily retrieved through configuration. For Mac users, secrets are stored in ~/.microsoft/usersecrets

Prereq

From your project’s source directory, run this command. It only needs to be run once.

dotnet user-secrets init

Set a secret from command-line/terminal

From your project’s source directory

dotnet user-secrets set "db:password" "VerySecurePassword!0!"

Retrieve secret in code

var password = Configuration["db:password"];

References