DEV Community

Cover image for Visual Studio shared user secrets
Karen Payne
Karen Payne

Posted on

Visual Studio shared user secrets

#csharp #dotnetcore #devops #security

Introduction

Learn how to create common user secrets for desktop and web applications, along with several generic methods to read sections and properties from appsettings.json.

Explore how to work with several paths. While all of the code presented works, only one makes sense for central secret management.

These are just a few examples of common user secrets, API keys, private database connection strings, and protected URLs. The code samples provided use mail settings, help desk, and connection strings.

Note
The code assumes a developer is not interested in using Azure vault.

Using a local NuGet package

Using a local NuGet package rather than referencing a class project allows code to read secret settings. This can be done using the same technique as adding a NuGet package from an online server.

Set up a local NuGet package

To set up a local NuGet package, create a folder. Open Microsoft Visual Studio, Options, NuGet Package Manager, Package Sources.

  • Click the + button
  • Configure the folder just created.

In the example shown below, Local is the location where the NuGet package(s) will be stored.

NuGet Package Manager, Package Sources

Use a NuGet local package

With Visual Studio and Solution Explorer open, right-click on the Dependency node of the desired project and select Manage NuGet package. Once the dialog appears, change the package source, in this case, to Local.

NuGet Package Manager

Select the desired package.

Central management of user secrets

Rather than storing user secrets in an application, secrets will be stored in a class project. Then, as per the instructions above, a local NuGet package will be created and made available to applications through the local feed setup.

Step 1

For a sample, see the following project.

Create a Class protect

Add the following packages.

  • Microsoft.Extensions.Configuration
  • Microsoft.Extensions.Configuration.EnvironmentVariables
  • Microsoft.Extensions.Configuration.UserSecrets
  • Microsoft.Extensions.Options
  • ConfigurationLibrary

Step 2
Create classes/models for the secrets

Step 3

Create the json for the secrets, see the following sample.

Step 4

Add the following class to the project, which is responsible for.

  • Read user secrets
  • Provides methods to sections and properties in appsettings.json

Note Remove the following methods, ConnectionString, MailSettings and HelpDesk. Replace them with your methods to access your data in appsettings.json

Step 5

  • Right-click on the project in Solution Explorer, select Manage User Secrets.
  • Add your json from step 3.

Step 6

Create a front-end project to test reading user secrets.

  • Add a reference to the class project.
  • Write code to test.

Step 7

  • Once satisfied,create a NuGet package for the above class project.
  • Copy the package to the local NuGet folder
  • Create a new front-end project
  • Add the new NuGet package to the project
  • Copy code from the test project to this project.
  • Run the project.

To get an idea of the above process, in the provided source code, inspect the following projects, TeamsSecretsLibrary and UsesLocalPackageApp.

Path without using a local NuGet package

Included are the following projects.

SecretsLibrary1 and SecretsModelsLibrary which perform the same operations as using a local package. The SecretsModelsLibrary can be merged into SecretsLibrary1. There are two packages as some developer tend to do this.

There are several front-end projects to practice with which do not use the NuGet local package but they can easily be converted to use the local NuGet package by removing the above two project references and adding the local NuGet package.

Source code

Source code

Summary

A lot has been covered, but after taking time to process what has been presented, any application can use the centrally managed secrets.

Make sure to check out the ASP.NET Core project SampleApp5 were the local package is used in _Layout.cshtml.

@{
    // Retrieve the help desk information from the SecretApplicationSettingReader
    var helpDesk = SecretApplicationSettingReader.Instance.HelpDesk;
}

<footer class="border-top footer text-muted">
    <div class="container">
        <strong>HelpDesk Phone</strong> @helpDesk.Phone
    </div>
</footer>
Enter fullscreen mode Exit fullscreen mode

See also

Top comments (4)

Collapse
 
growthlimitcom profile image
GrowthLimit.com

Good post!

Collapse
 
binarypatrick profile image
BinaryPatrick

Question: How does this work when deploying somewhere or testing in a CI/CD pipeline? You can't deploy your local nuget full of secrets..? The code expects those structures.

Why is this better than environment variables or appsettings.json?

Collapse
 
karenpayneoregon profile image
Karen Payne

This does not work in every possible scenario.

Collapse
 
werliton profile image
Werliton Silva

Nice post

Some comments may only be visible to logged-in visitors. Sign in to view all comments.