https://github.com/fkucukkara/secretmanagement101
This project demonstrates how to securely read app secrets using ASP.NET Core Minimal API.
netcore-webapi secret-management
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/fkucukkara/secretmanagement101
- Owner: fkucukkara
- License: other
- Created: 2025-03-23T13:18:18.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-23T13:20:31.000Z (about 1 year ago)
- Last Synced: 2025-03-23T14:25:42.351Z (about 1 year ago)
- Topics: netcore-webapi, secret-management
- Language: C#
- Homepage:
- Size: 3.91 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Minimal API with ASP.NET Core - Safe Storage of App Secrets
This project demonstrates how to securely read **app secrets** using **ASP.NET Core Minimal API**. It uses the local **User Secrets** manager for storing sensitive information during development, following Microsoft's recommended approach.
## Project Overview
- **Language**: C# (.NET 9.0 or later)
- **Purpose**: Safely store and access development secrets (e.g., API keys) without hardcoding them.
- **Feature**: Reads a secret (`ServiceApiKey`) from the local secrets manager and exposes it via a `/reveal-secret` endpoint.
## Project Structure
```
├── Program.cs
└── README.md
```
## Prerequisites
Ensure the following are installed on your system:
- .NET 9.0 SDK or later: [Download .NET](https://dotnet.microsoft.com/download)
## Code Explanation
`Program.cs`:
```csharp
var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();
app.UseHttpsRedirection();
app.MapGet("/reveal-secret", (IConfiguration config) =>
{
var apiKey = config["ServiceApiKey"];
return apiKey ?? "Secret not found";
});
app.Run();
```
This minimal API reads `ServiceApiKey` from configuration, which includes the **User Secrets** store when the app runs in the Development environment, and returns it when you call the `/reveal-secret` endpoint.
## Managing Secrets
1. **Initialize User Secrets**
Run this command in the project root to enable **User Secrets**:
```bash
dotnet user-secrets init
```
2. **Add a Secret**
Store the `ServiceApiKey` securely using the following command:
```bash
dotnet user-secrets set "ServiceApiKey" "YourSuperSecretKey"
```
3. **Location of Secrets**
On Windows, secrets are stored in:
```
%APPDATA%\Microsoft\UserSecrets\<user_secrets_id>\secrets.json
```
On Linux/macOS:
```
$HOME/.microsoft/usersecrets/<user_secrets_id>/secrets.json
```
Example `secrets.json` file:
```json
{
"ServiceApiKey": "YourSuperSecretKey"
}
```
> **Note:** The `user_secrets_id` is defined in the `.csproj` file after initialization.
## Running the Application
1. Build and run the API:
```bash
dotnet run
```
2. Access the secret by calling the endpoint:
```bash
curl https://localhost:5001/reveal-secret
```
Expected output:
```
YourSuperSecretKey
```
## References
- Official Documentation: [Safe storage of app secrets in development in ASP.NET Core](https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-9.0&tabs=windows)
## Cleaning Up
To remove the stored secret:
```bash
dotnet user-secrets remove "ServiceApiKey"
```
Or to clear all secrets:
```bash
dotnet user-secrets clear
```
## Notes
- **Do not** store secrets in `appsettings.json` for production.
- Use **Azure Key Vault** or other secure stores for production environments.
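A variant of `Program.cs` that follows these notes, as an added example that is not part of the original repository: it fails at startup when `ServiceApiKey` is missing and maps `/reveal-secret` only in the Development environment. The `/secret-status` endpoint and its `fingerprint` field are hypothetical, and the fingerprint assumes a randomly generated, high-entropy key.

```csharp
using System.Security.Cryptography;
using System.Text;

var builder = WebApplication.CreateBuilder(args);

// CreateBuilder adds the User Secrets provider only when the environment is
// Development. Elsewhere the key has to come from another configuration
// provider (environment variable, Azure Key Vault, ...).
var apiKey = builder.Configuration["ServiceApiKey"];
if (string.IsNullOrWhiteSpace(apiKey))
{
    // Fail fast instead of serving requests without the key.
    throw new InvalidOperationException(
        "ServiceApiKey is not configured. In development run: " +
        "dotnet user-secrets set \"ServiceApiKey\" \"<value>\"");
}

var app = builder.Build();
app.UseHttpsRedirection();

// Hypothetical endpoint: confirms that a key is loaded without disclosing it.
app.MapGet("/secret-status", () => Results.Ok(new
{
    configured = true,
    // First 8 hex characters of SHA-256(key): enough to tell two keys apart
    // when the key is high-entropy (assumption), not enough to recover it.
    fingerprint = Convert.ToHexString(
        SHA256.HashData(Encoding.UTF8.GetBytes(apiKey)))[..8]
}));

// The demo endpoint from this README, mapped only for local development.
if (app.Environment.IsDevelopment())
{
    app.MapGet("/reveal-secret", () => apiKey);
}

app.Run();
```

Outside Development, `/reveal-secret` is never mapped and returns 404, while `/secret-status` still shows whether the key was loaded from the production store.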
## License
This project is licensed under the MIT License. See the [`LICENSE`](LICENSE) file for details.