Store credentials in ASP.NET 5 application

The old hands among us still come from a time when you stored sensitive information like passwords and access keys in app.config, web.config or later in appsettings.json.

Fortunately, this has changed in recent years and it has become much easier to store trustworthy information.

The following example shows how easy it has become with the latest versions of ASP.NET to accomplish this and is aimed primarily at newcomers.

You can find a full working copy here

Prerequisites

1. Create a new ASP.NET Core empty application in your latest Visual Studio
2. Provide a meaningful name (like usersecrets-aspnet-example) and target the latest .NET Framework (5.0 in my case)

Configure User Secrets

1. Right click in the context menu and choose “Manage User Secrets”

2. Add following json and save the file

Use Secrets in your application

1. Go to your startup.cs and inject the IConfiguration property via the constructor

2. Now you can access the user secrets in your application

As you can see, the use of User Secrets in the latest .NET version is very simple and powerful. Almost all hosting providers offer their own managed user secret configurations, which can then also be used in the test and production versions.