What is the recommended solution for user secrets storage in ASP.NET core in non-Azure production environment?

Question

I am working on a .net core project, which needs to read some user secrets. I read the following two articles.

I am wondering if there is a similar solution for a non-Azure production environment, e.g. one that would work in AWS.

[AWS Secrets Manager](https://aws.amazon.com/secrets-manager/features/) — Frank Fajardo, May 24 '18 at 06:10

wp78de · Accepted Answer · 2019-09-12T16:13:06.980

.NET Core allows you to store your secrets in various places of the configuration system.

There are many different configuration providers listed in the documentation:

File formats (INI, JSON, and XML).
Command-line arguments.
Environment variables.
In-memory .NET objects.
The unencrypted Secret Manager storage.
An encrypted user store, such as Azure Key Vault.
Custom providers (installed or created).

It's convenient to manage the user secret with Microsoft.Extensions.SecretManager.Tools on the command line and then use Microsoft.Extensions.Configuration.UserSecrets to get the secrets from your app's configuration.

However, you should encrypt the stored information yourself, wherever you store it, eg. the appsettings.production.json.

To do so you can make use of a custom configuration provider to encrypt and decrypt your secrets. Your custom provider should inherit from the ConfigurationProvider class as shown here.

public class CustomConfigProvider : ConfigurationProvider
{
    public CustomConfigProvider() { }

    public override void Load()
    {
        Data = MyEncryptUtils.DecryptConfiguration();
    }
}

See also: Encrypted Configuration in ASP.NET Core

What is the recommended solution for user secrets storage in ASP.NET core in non-Azure production environment?

1 Answers1