Reputation:
ASPNET Core: Accessing App Settings in Azure that Were in Secrets
I have an ASPNET Core site which, while running on my development machine, takes advantage of the new local secrets manager to store passwords for a few initial users. I access the secrets store via IConfigurationRoot.GetSection("username").
Here's how IConfigurationRoot gets built in Startup.cs:
var builder = new ConfigurationBuilder()
.SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
.AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);
if (env.IsDevelopment())
{
// For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
builder.AddUserSecrets();
}
builder.AddEnvironmentVariables();
Configuration = builder.Build();
That final line is the IConfigurationRoot property.
This works great in development. Unfortunately, when I published the site to Azure, the passwords aren't being found. Azure doesn't support a secrets stash, but you can set environmental variables. I thought from what I read that if you use the same keys, they'll be found when the configuration code attempts to resolve a request for configuration information. Unfortunately, that's not working, so I'm obviously missing something.
Here's how I have the keys configured in Azure:
Those are the same keys as I use to successfully access the secrets stash on my development machine.
So what am I doing wrong?
Upvotes: 4
Views: 2110
Answers (1)
Reputation: 18465
As far as I know, the Secret Manager tool could help you to keep secrets out of your source code. And as this tutorial mentioned:
The Secret Manager tool does not encrypt the stored secrets and should not be treated as a trusted store. It is for development purposes only. The keys and values are stored in a JSON configuration file in the user profile directory.
Meanwhile, we could find that the secrets are stored in a JSON file in the user profile directory. For windows, it would be stored in the path as follows:
%APPDATA%\microsoft\UserSecrets\<userSecretsId>\secrets.json
Unfortunately, when I published the site to Azure, the passwords aren't being found.
I followed this tutorial to store my sensitive data in ASP.NET Core project via User Secrets, and found it could work well on my side. When publishing your app to Azure, you could leverage Azure App Services Application Settings to override the sensitive values which are stored by using the Secret Manager tool in your development. Here is a sample for you to understand it.
Assuming the structure of secrets.json file which stores your sensitive values as follows:
{
"AppKeys": {
"mark": "ABCDEF",
"connel": "abcdef"
}
}
Then you could configure app settings in your Azure Web App as follows:
For a better understanding of this idea, you could follow User Secrets – Storing sensitive data in ASP.NET Core projects and Working with Azure App Services Application Settings and Connection Strings in ASP.NET Core.
Upvotes: 3
Related Questions
- Accessing Azure App Configuration from a console application
- Retrieving secrets from KeyVault defined in appsettings
- Using KeyVault secrets to override appsettings in Azure App Service and locally
- How can access secrets like app-settings and connection-strings in web.config, from Azure key Vault using a Web-app hosted at on-premise IIS
- Store appsettings.json in Azure App Service Web App
- Asp.Net Core app deployed to IIS (locally) cannot read values from "Secrets-Manager"?
- How to make app settings in .NET Core that translate to Azure app settings?
- reading appSettings from asp.net core webapi
- Get Azure AppSettings in a Controller
- What Can Access "App Settings Key Values"?