.Net Core 是否支持每个环境的用户机密? [英] Does .Net Core support User Secrets per environment?

问题描述

假设我有 appsettings.Development.json 中指定的开发环境的连接字符串和 appsettings.Staging.json 中指定的 Staging 环境的连接字符串

Let's say I have connection string for Development environment specified in appsettings.Development.json and connection string for the Staging environment specified in appsettings.Staging.json

在开发和暂存之间切换我需要做的就是导航到项目属性中的 Visual Studio 调试选项卡并更改 ASPNETCORE_ENVIRONMENT 环境变量的值.

All I need to do to switch between Development and Staging is to navigate to Visual Studio Debug tab in project properties and change the value for ASPNETCORE_ENVIRONMENT environment variable.

现在，出于安全原因，我当然不想在 appsettings.*.json 中有连接字符串.所以我把它移到了 User Secrets.

Now, of course I don't want to have connection string in appsettings.*.json for security reasons. So I move it to User Secrets.

问题是 - 似乎只有一个 secrets.json 文件被所有环境使用.没有 secrets.Development.json 或 secrets.Staging.json.这意味着在我通过 Visual Studio Debug 选项卡从 Development 切换到 Staging 环境之后，我还需要在 secrets.json 中手动更改连接字符串，这违背了为环境提供内置支持的目的.

Problem is - it seems there is just one secrets.json file that is used by all the environments. There are no secrets.Development.json or secrets.Staging.json. This means after I switch from Development to Staging environment via Visual Studio Debug tab I then also need to change connection strings manually in secrets.json which kind of defeats the purpose of having built-in support for the environments.

不支持基于每个环境的用户密码是否正确?如果是这样 - 是否有另一种方法可以避免在切换环境时手动修改 Secret 连接字符串?

Is this correct that User Secrets are not supported on per-environment basis? If so - is there another approach that would avoid having to modify Secret connection string manually when switching environments?

推荐答案

如果您使用 dotnet user-secrets --help 检查工具的参数，您将看到您可以为每个配置指定不同的机密(调试，发布，任何其他你想要的)但不是每个环境.如果您考虑一下，这不是一个糟糕的决定.

If you check the tool's parameters with dotnet user-secrets --help you'll see you can specify different secrets per configuration (Debug, Release, any other you want) but not per environment. Which is not a bad decision if you think about it.

ASPNETCORE_ENVIRONMENT 环境变量旨在告诉您的应用程序当前机器或容器是开发、生产还是其他环境，因此它可以选择适当的设置文件.预计此环境变量不会从一个应用程序执行更改为下一个.即使在使用容器时，环境变量也会从主机传递给容器，并且在容器的生命周期内不会发生变化.

The ASPNETCORE_ENVIRONMENT environment variable is meant to tell your application whether the current machine or container is a Development, Production or other environment, so it can pick the appropriate settings file. This environment variable isn't expected to change from one application execution to the next. Even when using containers, the environment variables are passed from the host to the container and aren't expected to change during the container's lifetime.

secrets 文件应该是每台机器的，出于开发目的，所以没有必要为每个环境保留单独的文件.使用单独的文件进行配置更有意义，允许开发人员简单地从 Dev 更改为 Release 或 Testing 或他们可能拥有的任何其他自定义配置.

The secrets files are supposed to be per machine, for development purposes, so there's no need to keep separate files per environment. It makes much more sense to use separate files for configuration, allowing developers to simply change from Dev to Release or Testing or any other custom configuration they may have.

为每个配置指定机密

dotnet user-secrets 工具的工作原理是从项目文件中读取 UserSecretsId 值并将机密存储在同名的 JSON 文件中，例如 c952ecfc-344e-43e1-bb67-1ac05973d6c6.json.可以为每个配置存储一个 UserSecretsId.

The dotnet user-secrets tool works by reading the UserSecretsId value from the project file and storing the secrets in a JSON file with the same name, eg c952ecfc-344e-43e1-bb67-1ac05973d6c6.json. It's possible to store a UserSecretsId for each configuration.

<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|AnyCPU'">
    <UserSecretsId>c952ecfc-344e-43e1-bb67-1ac05973d6c6</UserSecretsId>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
    <UserSecretsId>7D104000-2230-4EDE-8AE6-63BDDA0BD0C5</UserSecretsId>
</PropertyGroup>

当-c参数用于指定配置时，user-secrets工具会从对应的section读取UserSecretsId值并用它来存储或读取机密.

When the -c parameter is used to specify a configuration, the user-secrets tool will read the UserSecretsId value from the corresponding section and use it to store or read secrets.

dotnet user-secrets init 命令不识别-c参数，所以csproj文件需要直接修改.

The dotnet user-secrets init command doesn't recognize the -c parameter, so the csproj file needs to be modified directly.

一旦完成，就可以通过指定配置来设置和读取机密，例如:

Once that's done, one can set and read secrets by specifying the configuration, eg :

❯ dotnet user-secrets set -c Debug Key1 Value1
Successfully saved Key1 = Value1 to the secret store.

❯ dotnet user-secrets set -c Release Key1 Value2
Successfully saved Key1 = Value2 to the secret store.

❯ dotnet user-secrets list -c Debug
Key1 = Value1

❯ dotnet user-secrets list -c Release
Key1 = Value2

这篇关于.Net Core 是否支持每个环境的用户机密?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！