❔ Environment variables vs configuration files for storing secrets

A project I am working on started out with very few, very simple (string) secrets and sensitive information - so I stored them as environment variables and accessed them via

IConfiguration

IConfiguration

and

config.AddEnvironmentVariables("FOO_");

config.AddEnvironmentVariables("FOO_");

in my host builder. However, as the project has grown in size, the number and type of secrets has grown too, and some of them are too complex to store as the simple Key:Value format environment variables entail. At the moment, I have my original simple string secrets still stored as environment variables, but my more complex configuration and secret data has been tossed into a

config.json

config.json

file which I load and add to my IConfiguration via

config.AddJsonFile("config.json");

config.AddJsonFile("config.json");

.

Is it dumb to use both like this, or should I just move my string secrets to this

config.json

config.json

file as well? I'm not concerned about leaking secrets in commits or anything, as I have already added this file to my

.gitignore

.gitignore

for the project, but I'm not extremely keen on best-practices for secrets when it comes to projects. I feel like doing both doesn't really make sense, since the point of the former (to me) was to avoid the latter, but now I have to do the latter, so I might as well put all my eggs in one basket.

C#•3y ago•

11 replies

Kiel

❔ Environment variables vs configuration files for storing secrets

A project I am working on started out with very few, very simple (string) secrets and sensitive information - so I stored them as environment variables and accessed them via

IConfiguration

IConfiguration

and

config.AddEnvironmentVariables("FOO_");

config.AddEnvironmentVariables("FOO_");

config.json

config.json

file which I load and add to my IConfiguration via

config.AddJsonFile("config.json");

config.AddJsonFile("config.json");

.

Is it dumb to use both like this, or should I just move my string secrets to this

config.json

config.json

file as well? I'm not concerned about leaking secrets in commits or anything, as I have already added this file to my

.gitignore

.gitignore

❔ Environment variables vs configuration files for storing secrets

Similar Threads

❔ Environment variables vs configuration files for storing secrets

Similar Threads

Similar Threads

Similar Threads