1

I am using ASP.NET Core 3.1 , Visual Studio 16.7.3 .

I have an API Key that needs to be used in my blazor wasm app. However I don't want to place the value in appsettings.json to make sure the API Key doesn't get into my source control. One such way to achieve is to use secrets.json in ASP.NET Core. But the value from secrets.json is not loading in my Program.cs.

appsettings.json:

{
  "APIKey": "appsettings.json"
}

Program.cs:

var builder = WebAssemblyHostBuilder.CreateDefault(args);

Debug.WriteLine($"APIKey:{builder.Configuration["APIKey"]}"); // works appsettings.json is logged in output window

If I move the key from appsettings.json to secrets.json

secrets.json:

{
  "APIKey": "secrets.json"
}

then output window log is empty. secrets.json no longer works in blazor wasm?

Vy Do
  • 46,709
  • 59
  • 215
  • 313
fingers10
  • 6,675
  • 10
  • 49
  • 87
  • The problem is that anything that runs in the browser is visible to users. Blazor WASM runs in the client. Even if you use "secret" semantics, at some point that becomes exposed in your code. In all the docs they say never use secrets in client-side blazor. – Andy Sep 15 '20 at 02:19
  • you could try this: https://stackoverflow.com/a/62701224/1204153 – Andy Sep 15 '20 at 02:20
  • but what about license keys. For example, If I'm using any 3rd party licensed UI components and that needs to be registered in program.cs with license key like `builder.Services.Add3rdPartyUIComponents("License Key")`. And how to keep this key as secret? – fingers10 Sep 15 '20 at 02:21
  • Someone had that exact same question: https://github.com/dotnet/aspnetcore/issues/23620 – Andy Sep 15 '20 at 02:22
  • I tried to solve this the best i could do was request it from the server and it pulled that info from secrets. The connection is only https at that stage... However the keys where all removed from my source code. – Brian Parker Sep 15 '20 at 05:25
  • @BrianParker Please can you explain more on what you have done? – fingers10 Sep 15 '20 at 07:01
  • @fingers10 Essentially I load the equivalent of appsettings from and API endpoint. Convert that to a ```MemoryConfigurationSource ``` . var clientConfigurations = await builder.LoadConfigFromServerAsync("api/clientconfigurations"); builder.Services.AddScoped(sp => clientConfigurations); – Brian Parker Sep 15 '20 at 08:28

0 Answers0