.NET Core save secrets in secrets.json file locally or Azure Key Vault when deployed.

Storing all the configuration for our application needs to be done in a secure manor, we used to throw everything into our web.configs, but that’s not really very secure. Instead options like Azure KeyVault make things way more secure and gives us a single interface with versioned secrets history.

But since we don’t want to be 100% reliant on the internet during development, we can make use of the locally stored secret manager in Visual Studio for local development, and when we deploy we switch and use KeyVault in Azure.

The plan

  1. Setup some secrets in Visual Studio.



Create managed identity for the webapp & give the identity to the keyvault to allow access


1. Setup our secrets in Visual Studio & Visual Studio Code

In full fat Visual Studio you can right click on the project and select “Manage User Secrets” and it will load up the secrets.json file which is specific to the logged in user.

Visual Studio Code

You can get this functionality with a plugin. https://marketplace.visualstudio.com/items?itemName=adrianwilczynski.user-secrets

Now when you right click on the csproj file you will get the same “Manage User Secrets” option.