User secrets


To use the cloud service we will store some private keys in the configuration files.

appsettings.json already contains a key for TokenSecret that should not be committed in a public repository.

.NET Core has User Secrets which we can use to store application variables outside the application folder.

The file that stores the secrets ends up in one of the following locations:

  • Windows: %APPDATA%\microsoft\UserSecrets<userSecretsId>\secrets.json
  • Linux: ~/.microsoft/usersecrets//secrets.json
  • Mac: ~/.microsoft/usersecrets//secrets.json

Setup a new key

Generate a new GUID for the application (a nice extension is Insert GUID from heaths.vscode-guid)

Open DatingApp.API.csproj and add a key UserSecretsId with the new GUID.


Now we are going to generate a new TokenSecret for our authentication.

Remove or rename the TokenSecret key from appsettings.json. To avoid confusion to other developers I choose to set the key to a descriptive value.

"AppSettings": {
  "TokenSecret": "Set the key in secrets. View README for more info."
dotnet user-secrets set "AppSettings:TokenSecret" "super duper secret key"

Verify in the configuration file that the key was added.

cat ~/.microsoft/usersecrets/e6bed759-7533-4565-abce-739583090011/secrets.json

To remove a key

dotnet user-secrets remove "wrong:keyname"


In netcore2.1 no additional configuration is necessary. Simply access the key like before.