ASP.NET Core, prevent environment variables being exposed in launchsettings.json
I made my github repository public and immediately got an email from SendGrid saying my api key has been disabled cuz It was detected somewhere public. How do I tackle this, cuz all envarionment variables are in launchsettings? New to envirnoment variables. Prevent laucnhsetting.json from being pushed to GitHub?
12 Replies
Secrets!
Simplest way, use
Environment.GetEnvironmentVariable
and get a secret that wayokay thanks, AI said I could GitIgnore launchsettings if thats easier?
Generally these are ignored but I don't do it
I don't have a lot in launchsettings so it's valid for everybody, but it sounds like you store data in there
Generally I just place data in appsettings, unless it's confidential like keys
In that case they go into a secret
okey Ill try to make it secret, thank you
One thing I did was make this extension method:
The idea is that appsettings can still hold data in development so it's easier and this is not confidential
However, in production they are replaced with the secret that I can find the data from
Then it's like this:
Dev
Prod
Very simple abstraction keeps it easy to develop anywhere, but ensures no confidential data leak when published for production
okay Ill try to maye it a secret to start with, as its a sensitive Api key
I would advice you just make it a secret regardless
I don't have sensitive API keys myself but it would work in your case too. Both instances just have to read from a secret
okay Ill try
thanks a lot
Unknown User•2w ago
Message Not Public
Sign In & Join Server To View
I'd love to see a proper solution for both cases instead of "don't do this"
Unknown User•2w ago
Message Not Public
Sign In & Join Server To View
Ill have a look, thanks