If you want to use secret configuration which you don't want to store the code repository during developing ASP.NET Core app, what will you do? ASP.NET Core provides Secret Manager tool. Then how about developing on OpenShift? I'd like to talk about Secret Manager tool and working OpenShift secrets for ASP.NET Core in this blog.
Secret Manager tool
Let's try to use following the document. At first, make ASP.NET Core web project. Then add Microsoft.Extensions.SecretManager.Tools, Microsoft.Extensions.Configuration.UserSecrets and userSecretsId to the tools section of the project.json file. Be sure to make the userSecretsId value unique.
"dependencies": {
"Microsoft.Extensions.Configuration.UserSecrets": "1.0.0-rc2-final"
},
"userSecretsId": "aspnet-WebApp1-c23d27a4-eb88-4b18-9b77-2a93f3b15119",
"tools": {
"Microsoft.Extensions.SecretManager.Tools": "1.0.0-preview2-final"
}
$ dotnet user-secrets set MySecret ValueOfMySecret
Once command is executed, the secrets.json file is generated at ~/.microsoft/usersecrets//secrets.json
$ cat ~/.microsoft/usersecrets/aspnet-WebApp1-c23d27a4-eb88-4b18-9b77-2a93f3b15119/secrets.json
{
"MySecret": "ValueOfMySecret"
}
Then we can refer this secret value from code as below.
public Startup(IHostingEnvironment env)
{
var builder = new ConfigurationBuilder()
.SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
.AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);
if (env.IsDevelopment())
{
// For more details on using the user secret store see http://go.microsoft.com/fwlink/?LinkID=532709
builder.AddUserSecrets();
}
builder.AddEnvironmentVariables();
Configuration = builder.Build();
}
Now it works storing secret data. However, this secret is stored in local machine folder. So how do we use secret on OpenShift?
OpenShift secret
OpenShift has a secret feature. To use OpenShift secret, we create yaml file as below. "strindData" field is a new feature at OpenShift v3.3. So if you use OpenShift 3.2 or lower, please use "data" field and value must be base64-encoded.
apiVersion: "v1"
kind: "Secret"
metadata:
name: "mysecret"
stringData:
mysecretconfig: '{"MySecret": "ValueOfMySecret"}'
Then create secret with oc command.
$ oc create -f mysecret.yaml
Secret is mounted as a volume, so edit the deploymentconfig to mount the volume. If you haven't tried ASP.NET Core app on OpenSift, s2i-aspnet is a good starting point. In this example, secret data file located at /etc/secret-volume/mySecret.
$ oc edit dc <your_dc>
spec:
<snip>
containers:
- name: myapp
<snip>
volumeMounts:
# name must match the volume name below
- name: secret-volume
mountPath: /etc/secret-volume
readOnly: true
<snip>
volumes:
- name: secret-volume
secret:
secretName: mysecret
restartPolicy: Never
Or use oc command.
$ oc volumes dc/<dc_name> --add --type=secret --secret-name=mysecret --mount-path=/etc/secret-volume
To use this mounted secret file as a configuration, simply call Configuration.AddJsonFile method with file path.
public Startup(IHostingEnvironment env)
{
var builder = new ConfigurationBuilder()
.SetBasePath(env.ContentRootPath)
.AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
.AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true);
if (Directory.Exists("/etc/secret-volume"))
builder.AddJsonFile("/etc/secret-volume/mysecretconfig", true);
builder.AddEnvironmentVariables();
Configuration = builder.Build();
Console.WriteLine(Configuration["MySecret"]);
}
Finally, you can refer the secret data from ASP.NET Core app on OpenShift. The full example project can be seen in my GitHub repo.
For additional information and articles on .NET Core visit our .NET Core web page for more on this topic.
Last updated: March 22, 2023