Accidentally pushing credentials to a public repo has never happened to me, but I know a few people for whom it has. AWS have an excellent workaround for this by using credential stores that can be configured via the CLI or IDE but this technique only works for IAM user accounts, it doesn’t allow you to connect to anything outside of the AWS estate.
Welcome to User Secrets in asp.NET 5 – and they’re pretty cool.
User Secrets are a part of the new asp.NET configuration mechanism. If you open Visual Studio 2015 and create a new Web API project, for example, you’ll be presented with something somewhat different to previous versions. Configuration is carried out in Startup.cs, where we can conditionally loadĀ configuration from one or many sources including .config and .json files, environment variables and the User Secret store. To access User Secrets, you want to modify the constructor like so:
public Startup(IHostingEnvironment env, IApplicationEnvironment appEnv)
{
var builder = new ConfigurationBuilder(appEnv.ApplicationBasePath)
.AddJsonFile("config.json")
.AddUserSecrets()
.AddEnvironmentVariables();
Configuration = builder.Build();
}
In this example, the order of calls to AddJsonFile(), AddUserSecrets() and AddEnvironmentVariables() makes a difference. If the property ‘Username’ is defined in config.json and also as a secret then the value in config.json will be ignored in favour of the secret. Similarly, if there is a ‘Username’ environment variable set, that would win over the other two. The order loaded dictates which wins.
To create a secret, first open a Developer Command Prompt for VS2015. This is all managed via the command line tool ‘user-secret’. To check if you have everything installed, at the prompt, type ‘user-secret -h’.
C:Program Files (x86)Microsoft Visual Studio 14.0>user-secret -h
If user-secret isn’t recognised then you may need to install the SecretManager command in the .NET Development Utilities (DNU). Do this by typing ‘dnu command install SecretManager’.
C:Program Files (x86)Microsoft Visual Studio 14.0>dnu command install SecretManager
In my case, this was again not recognised, even though I had just completed a full install of every component of Visual Studio 2015 Professional. If this is still not working for you, then you need to update the .NET Version Manager (DNVM). Do this by typing ‘dnvm upgrade’.
C:Program Files (x86)Microsoft Visual Studio 14.0>dnvm upgrade
Hopefully, you should get a similar response to this:
C:Program Files (x86)Microsoft Visual Studio 14.0>dnvm upgrade Determining latest version Downloading dnx-clr-win-x86.1.0.0-beta6 from https://www.nuget.org/api/v2 Installing to C:UsersPeter.dnxruntimesdnx-clr-win-x86.1.0.0-beta6 Adding C:UsersPeter.dnxruntimesdnx-clr-win-x86.1.0.0-beta6bin to process PATH Adding C:UsersPeter.dnxruntimesdnx-clr-win-x86.1.0.0-beta6bin to user PATH Native image generation (ngen) is skipped. Include -Ngen switch to turn on native image generation to improve application startup time. Setting alias 'default' to 'dnx-clr-win-x86.1.0.0-beta6'
Now try installing the command. You should see all of your registered NuGet sources being queried for updates and then a whole host of System.* packages being installed. The very end of the response should look something like this:
Installed:
10 package(s) to C:UsersPeter.dnxbinpackages
56 package(s) to C:UsersPeter.dnxbinpackages
The following commands were installed: user-secret
Now when you run ‘user-secret -h’ you should get this:
Usage: user-secret [options] [command] Options: -?|-h|--help Show help information -v|--verbose Verbose output Commands: set Sets the user secret to the specified value help Show help information remove Removes the specified user secret list Lists all the application secrets clear Deletes all the application secrets Use "user-secret help [command]" for more information about a command.
You can see five possible commands listed, and getting help on any particular one is also explained. As an example, if you want to set a property ‘Username’ to ‘Guest’ then type this:
C:Program Files (x86)Microsoft Visual Studio 14.0>cd MyProjectFolder C:MyProjectFolder>user-secret set Username Guest
Where MyProjectFolder is the location of a project.json file.
So there you have it. You’re ready to create secrets that can never be accidentally pushed into a public repo or shared anywhere they shouldn’t be. Just remember that emailing them to the dev sitting next to you might not be much better.
Useful links:
https://github.com/aspnet/Home/wiki/DNX-Secret-Configuration
http://stackoverflow.com/questions/30106225/where-to-find-dnu-command-in-windows
Coding Daddy Dobbs 