Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Secrets Management in different Environments
See original GitHub issueIs your feature request related to a problem? Please describe.
Secrets management in Development environments is unfulfilling. The Basic configuration is helpful, but is not user friendly when handling multiple environments and bigger teams, as it lacks:
- Quickly switching between different secrets for different environments
- finding currently configured secrets (of course there is
dotnet user-secrets list, but one has to remember this command instead of visually seeing the.envfile in the repository`) - misalignment with “industry standards” (if you could call
.envfiles this) - Easy sharing of secrets between developers (where was the file again to quickly share with my coworker?)
Describe the solution you’d like
There are multiple ways to relief some development pain:
-
Allowing another flag for the current cli: (Apart from the
--configuration), e.g.--environmentBasically this would be the equivalent to the differentappsettings.jsonfiles. If the application would readappsettings.Development.jsonit would also readsecrets.Development.jsonand the CLI options would write to the respective file. This would allow to easily switch between “Staging” and “Development” Secrets (basically allowing each launch Profile to potentially have different Secrets). Please note that the current--configurationimplementation does not allow this, as I might want to Debug with the secrets from the Staging Environment or test the Release build with the local Development Secrets. -
Make the dotnet eco system understand
.envfiles. Instead of writing extra documentation about how to handle secrets with the dotnet project or searching the internet for this guide.envfiles could be used as they are a defacto standard known to many development tools. Some ideas on how to add them:- Add
launchSettings.jsonsupport:
{ "profiles": { "EnvironmentsSample": { "commandName": "Project", "dotnetRunMessages": true, "launchBrowser": true, "applicationUrl": "https://localhost:7152;http://localhost:5105", "environmentVariables": { "ASPNETCORE_ENVIRONMENT": "Development" }, // Add another Option for reading .env Files "environmentFiles": [".env", "development.env"] }, }- Add
dotnetcli support: For--configuration=Developmentthe.envfile could be loaded automatically. For manually adding it with other configurations adding the option--env-file .envwould be great.
- Add
Additional context
As a workaround one could use a nuget package such as DotNetEnv but this would add unneeded complexity and packages to the build + functionality which would only be called during Development or anytime adding side effects to Release Builds.
Issue Analytics
- State:
- Created 3 months ago
- Reactions:1
- Comments:9 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Made a quick update to the
gitignoretemplate as a PR to at least give us some coverage if we do decide to do things with dotenv in the future. Several other ecosystems’ gitignore files in the github/gitignore repo already have this, so we’re playing catchup from a safety perspective here.For those people that know and understand them 😃
It’s worth evaluating for 8 though, but we’d have to make sure VS’s default gitignore does indeed ignore .env, and also look at what github and azdo do, just in case it does get checked in with secrets.
But I leave that to feature PMs, I’ve gone my spoilsport security rant now 😃