C
C#10mo ago
cow

User-secrets per machine?

I have many solutions and projects that use the same sql connection string user/password. Currently I use DotNet User Secrets like this: 
dotnet user-secrets set "sql-dev-user" "MyUser"
dotnet user-secrets set "sql-dev-pass" "MyPassword"
dotnet user-secrets set "sql-dev-user" "MyUser"
dotnet user-secrets set "sql-dev-pass" "MyPassword"
Which works fine, but it's at project level so I need to do it for each individual project, and I have many solutions/projects. And each dev would need to set those for each project Is there a way to set a global/machine-level User Secret? It would be great if all project could just read a central "sql-dev-user"/"sql-dev-pass"
27 Replies
lycian
lycian10mo ago
Probably this https://github.com/dotnet/EntityFramework.Docs/issues/3939#issuecomment-1191978026
GitHub
Reverse Engineering Page is Unclear On Utilizing User Secrets · Iss...
The page is very unclear as to how one should actually store user secrets in a way so that dotnet ef dbcontext scaffold Name=ConnectionStrings:Chinook Microsoft.EntityFrameworkCore.SqlServer could ...
cow
cowOP10mo ago
that's still per-project i think it looks like you can manually do it by editing the project file 
<PropertyGroup>
    <TargetFramework>net7.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
    <UserSecretsId>dotnet-UserSecrets-3825E1F5-F0B3-4C37-80C4-D5F24C7F6645</UserSecretsId>
</PropertyGroup>
<PropertyGroup>
    <TargetFramework>net7.0</TargetFramework>
    <Nullable>enable</Nullable>
    <ImplicitUsings>enable</ImplicitUsings>
    <UserSecretsId>dotnet-UserSecrets-3825E1F5-F0B3-4C37-80C4-D5F24C7F6645</UserSecretsId>
</PropertyGroup>
set it up for 1 project, then copy/paste that <UserSecretsId>dotnet-UserSecrets-3825E1F5-F0B3-4C37-80C4-D5F24C7F6645</UserSecretsId> to all other project files, so they all point to the same user secrets good enough for me going via the dotnet user-secrets tool generates a new guid for each project
lycian
lycian10mo ago
yea, I meant that I think the storage is shared enough to be shared. Glad this unblocks you
Sir Rufo
Sir Rufo10mo ago
I have set my "global" secrets in environment variables
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
Sir Rufo
Sir Rufo10mo ago
That is to me more hassle than using the environment variables. Having multiple user-secrets you have to apply all you need to each project. With the environment variables you are ready to go with doing nothing else.
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
Sir Rufo
Sir Rufo10mo ago
to all computer?
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
Sir Rufo
Sir Rufo10mo ago
the user-secret is a simple json file in plain text not encrypted or secured in any way and it can be read by any application how is this more secure than env vars?
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
Sir Rufo
Sir Rufo10mo ago
Please stop with that leaky env vars - they are not more/less secure then a plain file. period
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
Sir Rufo
Sir Rufo10mo ago
Oh yeah, that machine wide user secret solves the part with the two unrelated projects with the same config value names 😁
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
Sir Rufo
Sir Rufo10mo ago
Ok, I am out
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
i like chatgpt
i like chatgpt10mo ago
Idea 1: @cow You don't need to manually overwrite. Follow the following steps. 1. Only invoke dotnet user-secrets init on projects that need user-secrets as usual. Their ids are of course unique but they will be overwritten later. 2. Assume you have already had an id of user-secrets that you want to share globally. Create the following bash file, save in the most convenient place, for example c:\idchanger.sh, and register this path to system environment variable Path. 
  # idchanger.sh
  find . -type f -name "*.csproj" \
  -exec sed -i \
  's/<UserSecretsId>.*<\/UserSecretsId>/<UserSecretsId>your-secret-id-to-share-globally<\/UserSecretsId>/g' \
  {} +
  
  # idchanger.sh
  find . -type f -name "*.csproj" \
  -exec sed -i \
  's/<UserSecretsId>.*<\/UserSecretsId>/<UserSecretsId>your-secret-id-to-share-globally<\/UserSecretsId>/g' \
  {} +
3. Depending how many projects do you want to overwrite, you can invoke the bash at any level. * If you want to overwrite all projects in a folder d:\allprojects then your active directory must be d:\allprojects. Invoking c:/idchanger.sh will overwrite all projects in d:\allprojects and in its sub directories at any level.
* If you want to overwrite all project in a single solution then the active directory must be the solution directory. * If you want to overwrite a single project only then the active directory must be the project directory. Note The bash file only overwrites the contents of UserSecretId tag that you add temporarily. It DOES NOT touch other tags. It is safe because this approach is carefully thought. 🙂 Idea 2: I found another approach. 1. Create a class library project SharedUserSecrets.csproj with only one interface IMarker.cs. 
  namespace SharedUserSecrets;
  public interface IMarker{}
  
  namespace SharedUserSecrets;
  public interface IMarker{}
2. Initialize this project with dotnet user-secrets init. 3. Other projects that need to access the shared secrets now can just make a reference to this SharedUserSecret project. 
  //...
  builder.Configuration.AddUserSecrets<SharedUserSecrets.IMarker>();
  
  //...
  builder.Configuration.AddUserSecrets<SharedUserSecrets.IMarker>();
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
i like chatgpt
i like chatgpt10mo ago
Only overwriting temporary <UserSecretId> and the others are left untouched is not harmful. I don't know why it is a problem. This anxiety might occurred because of a lack of careful thorough analysis. 🙂
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
i like chatgpt
i like chatgpt10mo ago
Let OP decide which one he/she want to use. We can only provide as many reasonable alternatives as we can. For me my approach does the job done based on his/her requirement. She/he does not want to manually copy and paste the shared user secret id among other projects. Closing statement: Keep coding and stay awesome. 🙂
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
i like chatgpt
i like chatgpt10mo ago
This comment might be made without trying to carefully analyze the script I provided and its impact on the config file. My script is actually safe.
No description
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
i like chatgpt
i like chatgpt10mo ago
Code I provided has been tested and it works.
Unknown User
Unknown User10mo ago
Message Not Public
Sign In & Join Server To View
Want results from more Discord servers?
Add your server