-
Notifications
You must be signed in to change notification settings - Fork 78
Store UserSecretsId in MSBuild project file instead of project.json #169
Comments
Just brainstorming: here are some options
|
From @glennc on August 30, 2016 6:4 msbuild seems the best option here. But why does there need to be a special file generated? Why can there not be a config source that reads from a csproj? It is just data in the csproj. |
From @Tratcher on August 30, 2016 14:14 The csproj isn't published |
IMO keeping the id in a simple file such as |
From @davidfowl on August 30, 2016 16:44 What about |
Did a quick spike: here's what something like I'm guessing some may complain "why the extra file in my project?". If users care, we could overload |
Design from in-person discussion with @glennc and @davidfowl:
|
From @muratg on September 13, 2016 17:31 Will the attribute be a top-level attribute in the Json file (as it is today?) |
Yes. The JSON part of this doesn't change much. We are just going to remove the strict requirement that the JSON file be named project.json. (See #103) |
The plan of record is that Most users will want this attribute to be auto-generated from the MSBuild property "UserSecretsId": Usage: <PropertyGroup>
<UserSecretsId>XYZ</UserSecretsId>
</PropertyGroup> Microsoft.Extensions.Configuration.UserSecrets 1.0.1 and 1.1 add support for this MSBuild prop and the assembly attribute. aspnet/Configuration#525 Microsoft.Extensions.SecretManager.Tools will be upgraded soon to understand csproj. #178 dotnet-migrate will automatically move the "userSecretsId" property in project.json to the csproj. dotnet/cli#4326 |
Before I decided to finally ask the question that follows, I looked at the source code to find references to what you're talking about. The problem that I'm trying to solve for myself is storing the userSecretsId outside of project.json, preferably totally abstracted away from the SecretManager.Tools package, so that it's [alternatively to its known locations] delivered to the tool via CLI arguments. I can't see that the tool code supports that (
The SecretManager's I couldn't find that asm attribute (UserSecretIdentifierFileNameAttribute) to even try pointing to another file, which makes me curious if what you're talking about made it to the repository or if it lives in another package (I don't see why it would, though). Unrelated, but, IMO, this secret-identifier is a part of configuration, and it shouldn't even be discussed - beyond config-transformations - how to automate moving it via MSBuild: that value, along with associated "secrets" shouldn't cross business-environment boundaries anyway and they all should be defined manually, one time per machine-environment pair. Thanks. |
@hlubovac This is a WIP. I've added DotNetTools/src/Microsoft.Extensions.SecretManager.Tools/Internal/CommandLineOptions.cs Lines 42 to 45 in 27fc53e
The actual content of the ID doesn't matter for most people. But the problem we're trying to address is "where is it stored?" We chose the project file because it unifies the Visual Studio, CLI tools, and the runtime experience. |
Thanks. Do you think it'll be long before that change makes it to master/nuget? |
I don't have a date. We're waiting on dotnet/cli 's MSBuild to stabilize. But, '--id' would be easy enough to add to the version on dev branch that I'd happily take a PR to added it now if it'll unblock you. |
No, it's fine; I can wait. I'm experimenting anyway, with no particular plan in mind. I don't want to distract you from your current goal. Thank you, though. |
A hack, as an alternative solution to storing this value in a separate file:
This can further be expanded [by app devs]:
By the way, just to make it clearer where I'm going with this: I started treating this system [of managing secrets] as more like per-user-non-source-controlled setting-management, with the plan on overriding whatever I have in my app's config file (e.g. appsettings.json) with those "secret" values. This is a one-time setup per dev-workstation, and also per shared server; nobody's going to be stepping on each other's toes and I don't have to have mysterious config transformations going on. Just sharing... :) |
One of the unintended consequences of this design #169 (comment) is aspnet/Configuration#543. Any design-time tooling that invokes 'Startup' is likely to break. |
The work for this is done. When released, the feature will be in the following packages: Microsoft.Extensions.SecretManager.Tools (1.0.0-msbuild1-final) |
From @muratg on August 24, 2016 22:43
Slightly related #62.
Since project.json is going away, we'll need to resolve this soon.
@glennc @davidfowl @natemcmaster @Tratcher
Copied from original issue: aspnet/UserSecrets#96
The text was updated successfully, but these errors were encountered: