I'm learning to work with the .NET Core 5.0 framework and was reading this article about managing user secrets. Coming from Node.js, I'm used to .env files where for example database connections credentials are stored.
When looking at boilerplates, such as ASP.NET Boilerplate or clean-architecture-manga, I notice the database connection string still being in the appsettings.json, which isn't in located in the .gitignore file.
"PersistenceModule": {
"DefaultConnection": "Server=localhost;User Id=sa;Password=<YourStrong!Passw0rd>;Database=Accounts;"
},
Am I misunderstanding something about uset secrets in ASP.NET? Is the database password the same for everyone?
You might want to check out this documentation. In .Net Core secrets can be inserted into a the appsettings.json file from environment variables via the command line on start up as long as the appsettings.json file is properly tokenized. There's also the ability to override the appsettings.json file with values stored in a key vault, such as Hashicorp Vault or Microsoft's Azure Key Vault.