.NET: User Secrets
To switch from storing sensitive configuration data in appsettings.json to User Secrets while still using Visual Studio to publish to Azure, follow these step-by-step instructions:
✅ 1. Enable User Secrets in Your Project
In your .csproj file, ensure this line is included inside a <PropertyGroup>:
<UserSecretsId>your-project-guid-or-name</UserSecretsId>
If it’s not there, add it manually or via Visual Studio:
- Right-click the project in Solution Explorer → Manage User Secrets
This will automatically create a secrets.json file at:
%APPDATA%\Microsoft\UserSecrets\<UserSecretsId>\secrets.json
✅ 2. Add Your Secrets
Add your secrets in the same structure as appsettings.json, for example:
{
"ConnectionStrings": {
"DefaultConnection": "supersecret-connection-string"
},
"Authentication": {
"Google": {
"ClientId": "1234",
"ClientSecret": "xyz"
}
}
}
You can also edit it via Visual Studio: after opening “Manage User Secrets,” paste the above into the file.
✅ 3. Update appsettings.json (Optional)
Remove the secrets from appsettings.json to ensure they are not checked into Git:
{
"ConnectionStrings": {
"DefaultConnection": ""
},
"Authentication": {
"Google": {
"ClientId": "",
"ClientSecret": ""
}
}
}
✅ 4. Ensure Configuration Is Loaded Properly
In Program.cs or Startup.cs, ensure this is present (should be by default):
builder.Configuration
.SetBasePath(Directory.GetCurrentDirectory())
.AddJsonFile("appsettings.json", optional: false)
.AddUserSecrets<Program>()
.AddEnvironmentVariables();
If you’re using CreateHostBuilder pattern:
.ConfigureAppConfiguration((context, config) =>
{
var env = context.HostingEnvironment;
config.AddJsonFile("appsettings.json", optional: false)
.AddUserSecrets<Program>()
.AddEnvironmentVariables();
})
✅ 5. Configure Azure App Service (Production Settings)
User Secrets are only available in development. To run in Azure, use App Service Configuration Settings:
-
In Azure Portal:
- Go to your App Service → Configuration (under Settings)
-
Add the following under Application settings:
ConnectionStrings__DefaultConnection=supersecret-connection-stringAuthentication__Google__ClientId=1234Authentication__Google__ClientSecret=xyz
Note: use double underscores
__to represent nested keys.
✅ 6. Publish From Visual Studio
Continue publishing as you do:
- Right-click project → Publish
- Pick Azure App Service
- Publish as usual
Secrets from User Secrets will be used during local development, and Azure App Settings will take over in production.
✅ 7. Verify No Secrets in Git
Make sure appsettings.json no longer contains real secrets, and secrets.json is never included in Git.
✅ Done. You’re now using User Secrets for local development and Azure App Settings for production—all compatible with Visual Studio publishing.