Storing User Secrets

In this lesson, we're going to see how to securely store user secrets.

This lesson is part of The newline Guide to Fullstack ASP.NET Core and React course.

This video is available to students only
Unlock This Course

Get unlimited access to The newline Guide to Fullstack ASP.NET Core and React with a single-time purchase.

Thumbnail for the \newline course The newline Guide to Fullstack ASP.NET Core and React
  • [00:00 - 00:07] Right now we are storing the Stripe credentials inside the appsettings.Development.json file. And it's not an ideal way to do so.

    [00:08 - 00:17] When we are using private keys, we want to store them in a location where it's not visible to anyone. And we can share the app settings file to GitHub without any fear.

    [00:18 - 00:30] ASP.NET Core gives us access to secret manager where we can store the credentials and this option is available just for development. What we can do is we can simply follow the process.

    [00:31 - 00:38] So let's start with dotnet user-secrets init. So let's go back to VS Code and let's open our terminal.

    [00:39 - 00:53] And for this we want to be inside the API project. So let's write dotnet user-secrets and initialize it using init.

    [00:54 - 01:04] And now if you open the api.csproj file, it has created a user secret ID. And we are ready to set our secrets.

    [01:05 - 01:16] Let's open the appsettings.Development.json file and set them inside our secret manager. So what we need to do is first of all, let's clear it a bit and now we can type

    [01:17 - 01:40] dotnet user-secrets and then set. Now inside quotations, we need the name, which is stripe. So let's write stripe and now using colon, we want to write the property, which is publishable key.

    [01:41 - 01:57] So I can now write publishable key and now inside, we want to mention our key. Let's copy it and paste it.

    [01:58 - 02:06] Now we can press enter. And as you see, it has set the publishable key inside our secret manager.

    [02:07 - 02:23] Let's do the same thing for client secret. Now if you want to see all the keys that you have stored inside secret manager, you can simply type dotnet user-secrets and list.

    [02:24 - 02:33] And here we can see the publishable key and the client secret. Now that we have configured the secret keys, we don't need them inside our appsettings.Development.json file.

    [02:34 - 02:42] So we can simply delete them from here. To check if everything is working as expected, let's restart the server.

    [02:43 - 02:47] Let's run dotnet watch run.

    [02:48 - 02:53] Now let's open the browser. Let's try and add one course.

    [02:54 - 03:03] Let's add docker and go here. And let's delete this one. Let's just keep it to docker.

    [03:04 - 03:17] And now we can open our console and network to see if the requests are working fine. And we see the request is working fine.

    [03:18 - 03:24] Now if we check the payment intent ID and the client secret. So that means this part is working.

    [03:25 - 03:30] Now let's mention the name. Let's call it test user.

    [03:31 - 03:38] And you know it's 4242. And some expiry date and a CVC.

    [03:39 - 03:50] Now let's try making the payment. Our payment is successful, which means the keys are working inside secret manager.