ASPNET Core: Accessing App Settings in Azure that Were in Secrets

As far as I know, the Secret Manager tool could help you to keep secrets out of your source code. And as this tutorial mentioned:

The Secret Manager tool does not encrypt the stored secrets and should not be treated as a trusted store. It is for development purposes only. The keys and values are stored in a JSON configuration file in the user profile directory.

Meanwhile, we could find that the secrets are stored in a JSON file in the user profile directory. For windows, it would be stored in the path as follows:

%APPDATA%\microsoft\UserSecrets\<userSecretsId>\secrets.json

Unfortunately, when I published the site to Azure, the passwords aren't being found.

I followed this tutorial to store my sensitive data in ASP.NET Core project via User Secrets, and found it could work well on my side. When publishing your app to Azure, you could leverage Azure App Services Application Settings to override the sensitive values which are stored by using the Secret Manager tool in your development. Here is a sample for you to understand it.

Assuming the structure of secrets.json file which stores your sensitive values as follows:

{  "AppKeys": {    "mark": "ABCDEF",    "connel": "abcdef"  }}

Then you could configure app settings in your Azure Web App as follows:

For a better understanding of this idea, you could follow User Secrets – Storing sensitive data in ASP.NET Core projects and Working with Azure App Services Application Settings and Connection Strings in ASP.NET Core.