What is Secret Manager in ASP.Net Core?

This article explains how to hide confidential information for an ASP.NET Core (now .Net 5) app on an development machine. As we know, ASP.Net Core application comes with appsettings.json file. This file contains basic configurable information about the project. Some developer store database connection string with password and some third party API credentials. The best practice says, never store passwords or other delicate information in any file within the source code.

In an ASP.Net Core or .Net 5 based application, you will need to ensure certain bits of application information, called user secrets, that ought not be shared with other people. Your secret information may include a database connection details, third party API credentials, API keys.

At the point when you share your project with others or you push your source code to a source control like TFS or github then this secret data likewise will be shared to other people.

How can we avoid this?

A feature in ASP.NET Core named Secret Manager allows you to store user secrets outside your source code.

What is Secret Manager?

The Secret Manager tool stores confidential information during the development of an ASP.NET Core project. In this specific situation, a piece of confidential information is an app secret. App secrets are put away in a different area from the source code. The app secrets are related with a particular application or shared across a several .Net Core projects. The app secrets aren’t not a part of source control so they are not checked in to source control.

The Secret Manager tool doesn’t encode the stored data. It’s for application development purposes only. The keys and values are put away in a JSON based file in the user profile directory.

How secret manager works?

The Secret Manager tool hide the details, for example, where and how the confidential data are put away. You can utilize the tool without knowing these execution details. The data are put away in a JSON document in the local machine’s user profile folder:

In Windows Machine, secrets.json file path is –


How to create User Secrets in Visual Studio 2019?

I have created a .Net 5 based application in Visual Studio 2019. To add User Secrets in .Net 5 based application, follow below steps.

  • Open Visual Studio 2019.
  • Create a project. In my case, I created .Net 5 based Web API project. (To know how to create .Net 5 Web API in Visual Studio 2019, Click Here)
  • Right click on project name in Solution explorer.
  • Select Manage User Secrets. You may notice that a JSON file secrets.json is now created.
  • Now cut the connection string node from appsettings.json file and paste it into secrets.json file.
  • Build your project and run your application. It should work perfectly.

Remember, secrets.json file is not the part of your project. So, whenever you share your project or you add your project to a source control, the database connection string will not be shared and in this way you have securely shared your project with others.

Note: This feature is only available for your local development machine and not for UAT or Production.

Summary –

Secret Manager is a feature in ASP.Net Core and .Net 5 which helps us to hide confidential information from others. It works only on development machine. In this way, if you share the source code with other members your confidential information like database password will not be shared with them.

Hope you like this article. Please write down your feedback in comment box below.

Leave a Comment