Accidentally pushing sensitive data stored in application config into source controls!!! Thankfully this happens to many not only you 😜. It feels good when you have company doing mistakes or anything else.
So here is how make sure this does not happen again. There are multiple ways to protect, the one we will learn now is using Secret Manager tool in #dotnetcore.
All we have to do use dotnet user-secrets this command. Before using it remove the sensitive value of the property you are trying to hide.
In my case it is "TwilioAuthToken":"" in appsettings.json file.
Now in the terminal run this below command,
dotnet add package Microsoft.Extensions.SecretManager.Tools
We have the necessary tools required to run the commands on user-secrets.
Lets create a key value vault for our project in *.csproj file like this
Once you have a vault create we can now add/remove key value using this command
dotnet user-secrets set TwilioAuthToken secretcodegoeshere
Done! Now accessing this using
configuration["TwilioAuthToken"] gets me the config value from
%AppData%\Microsoft\UserSecrets\LocalKeyVault\secrets.json Which I am sure is not gonna get checked-in mistakenly 😜
-Originally Blogged on Bitsmonkey
-Photo by Micah Williams on Unsplash