We are creating an .NET Core 2.1 application with a Web API project that connects to a SQL Server database.
I am trying to get my head around the proper use of environment variables when it comes storing my connection strings in the most secure location possible.
When I heard that I could use environment variables to store things like a connection string that sounded really good. It is secure and we can have the variables differ from developer to developer and on staging and production environment. Which is useful as they do not all have the same name for their SQL Server instance.
But when I now add a connection string to my Windows environment variables like so:
or through the PowerShell like so:
setx CUSTOMCONNSTR_MyContextDb "Server=.\\MYSQLSERVER;Database=MyDb_local;Trusted_Connection=True;ConnectRetryCount=0"
And I try to get it like so:
var connectionString = Configuration.GetConnectionString("MyContextDb");
But this does not work. The string is null.
I can only get this line of code to work if I add the CUSTOMCONNSTR_MyContextDb variable and the value to the environment variables when I go to the properties of the project and than enter the environment variable there on the Debug tab. Which basically just sets them in the launchSettings.json file. This hardly seems a better location than appsettings.json (or is it?).
Have I misunderstood the use of environment variables in .NET Core? Can I not use the windows-defined environment variables? Or can I only use real Windows environment variables on my IIS server?
It looks like I can, because I see a list of over 80 environment variables when I debug and look at the Configuration object.
For reference, this post with a short YouTube clip helped me to better understand the concepts around this, but I do not fully grasp everything, and I hope you can help.