Environment variables or azure vaults?

Microsoft recommends that we use the Azure Key Vault for production (as opposed to just using the secret manager on the server under the user profile that the app pool is running, for example...) Here is the doc: docs.microsoft.com/en-us/aspnet/core/security/key-vault-configuration?view=aspnetcore-6.0 and below is a paste from it (about 3/4 the way down), where it compares dev environment to production: Save the following secrets locally with Secret Manager: .NET CLI **this is dev Copy dotnet user-secrets set "5000-AppSecret" "5.0.0.0_secret_value_dev" dotnet user-secrets set "5100-AppSecret" "5.1.0.0_secret_value_dev" Secrets are saved in Azure Key Vault using the following Azure CLI commands: Azure CLI **this is prod Copy az keyvault secret set --vault-name {KEY VAULT NAME} --name "5000-AppSecret" --value "5.0.0.0_secret_value_prod" az keyvault secret set --vault-name {KEY VAULT NAME} --name "5100-AppSecret" --value "5.1.0.0_secret_value

Hi @JayJay great question! I actually just did this the other day when trying a sample of the StripeAPI for payments. 1) I created my secrets using powershell (set, etc..) , 2) created a class with variables to match the fields in my secrets, 3) I added to my program.cs so it could be injected later into my controllers and services like this: services.Configure(configuration); (StripeOptions was the class I made with properties matching the secrets set in powershell...), then 4) I injected the secrets configuration which is now loaded into a class from the secrets, INTO my service (which you could do directly into a controller if you wanted to instead of a service, the same way), note the context below is unrelated, it just happens to be another thing I needed to inject to the same method at the same time..: public PaymentService(DataContext context, IOptions stripeOptionsAccessor) { _context = context; _stripeOptions = stripeOptionsAccessor.Value; } Hope that helps! Have a great day.

@@DataVids I'm confused. Isn't the video so you can use api keys/secrets in your controller or services? So in the video secrets cannot be used outside of program.cs?

In production they can be environment variables that load from a appsettings.Production.json file - I would assume that your production server is in a secure vnet for example, unlike your dev machine most likely. Using secrets on your dev machine keeps them from accidental commit to GIT too. Another popular solution is an Azure Key Vault, but that is not free.

Aloha! My voice was a little scratchy in this one, but if I waited until I didn't have cold or whatever, probably miss a lot of good video windows ;) Good to hear from you though, hope you are well!