This article shows how you can add User Secrets for a Blazor app, or other related .NET client technology supporting them. User secrets are stored on the individual computer, so one do not have to expose them to others.
They can still be shared between different people if they are told what the secrets are, but is practical in many cases where one for example do not want to expose the secrets such as a password, by checking it into
source
code repositories. This is due to the fact as mentioned that the user secrets are as noted saved on the individual computer.
User secrets was added in .NET Core 1.0, already released in 2016. Not all developers are familiar with them. Inside Visual Studio 2022, you can right click on the Project of a solution and choose Manage User Secrets.
When you choose that option, a file called secrets.json is opened. The file location for this file is shown if you hover over the file. The file location is saved here:
%APPDATA%\Microsoft\UserSecrets\<user_secrets_id>\secrets.json
You can find the id here, the user_secrets_id, inside the project file (the .csproj file).
Example of such a setting below:
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net8.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
<UserSecretsId>339fab44-57cf-400c-89f9-46e037bb0392</UserSecretsId>
</PropertyGroup>
</Project>
Let's first look at the way we can set up user secrets inside a startup file for the application. Note the usage of reloadOnChange set to true. And adding the user secrets as a singleton service wrapped inside IOptionsMonitor.
Program.cs
builder.Configuration.Sources.Clear();
builder.Configuration
.AddJsonFile("appsettings.json", optional: false, reloadOnChange: true)
.AddJsonFile($"appsettings.{builder.Environment.EnvironmentName}.json", optional: true, reloadOnChange: true)
.AddUserSecrets(Assembly.GetEntryAssembly()!, optional:false, reloadOnChange: true)
.AddEnvironmentVariables();
builder.Services.Configure<ModelSecrets>(builder.Configuration.GetSection("ModelSecrets"));
builder.Services.AddSingleton<IOptionsMonitor<ModelSecrets>>, OptionsMonitor<ModelSecrets>>();
The Model secrets class looks like the following.
namespace StoringSecrets
{
public class ModelSecrets
{
public string ApiKey { get; set; } = string.Empty;
}
}
Home.razor.cs
Let's then look how we can fetch values from the user secrets. The code file for a file Home.razor is put in a file of its own, Home.razor.cs
using Microsoft.AspNetCore.Components;
using Microsoft.Extensions.Options;
namespace ToreAurstadIt.StoringSecrets.Components.Pages
{
public partial class Home
{
[Inject]
public required IOptionsMonitor<ModelSecrets> ModelSecretsMonitor { get; set; }
public ModelSecrets? ModelSecrets { get; set; }
protected override async Task OnInitializedAsync()
{
ModelSecrets = ModelSecretsMonitor.CurrentValue;
ModelSecretsMonitor.OnChange(updatedSecrets =>
{
ModelSecrets = updatedSecrets;
InvokeAsync(StateHasChanged);
});
await Task.CompletedTask;
}
}
}
Note that IOptionsMonitor<ModelSecrets> is injected here and that in the OnInitializedAsync method, the injected value uses the OnChange method and and action callback then sets the value of the ModelSecrets and calls InvokeAsync method with StateHasChanged. We output the CurrentValue into the razor view of the Blazor app.
Home.razor
@page "/"
<PageTitle>Home</PageTitle>
<h1>Hello, world!</h1>
Welcome to your new app.
Your user secret is:
<div>
@ModelSecrets?.ApiKey
</div>
The secret.json file looks like this:
secrets.json
{
"ModelSecrets": {
"ApiKey": "SAMPLE_VALUE_UPDATE_9"
}
}
A small app shows how this can be done, by changing the user secrets file and then reloading the page, changes should be immediately seen:
