Package is called "SecretManager" but command is "user-secrets"? #6
Comments
And yes, I realize that the secrets aren't ASP.NET-specific, they are part of Config which is generic, but we're targetting ASP.NET scenarios with it right now, we can always "broaden" the name later. |
I dislike dnx-secrets and aspnet-secrets because they're not either of those things, they are user secrets which happen to be used by asp.net apps. |
|
No dnx- something please. secret-vault is interesting though. |
Fair points @blowdart. I still like Since this is basically external user-level configuration, how about |
Not putting a prefix on it concerns me. We're entering the global namespace of user commands then. Are we trying to create a general purpose application-secret management system? Not really... Should |
Oh go on then, aspnet-vault (if only because I started playing Borderlands 2 last night, and vault wins by default) |
Thanks @anurse for bringing this up. @Eilon @davidfowl @DamianEdwards @blowdart @anurse @rustd can we come to a consensus on this work item?
|
For the record, I slightly prefer |
Also, if the Package ID is going to match the command name (which it should), we shouldn't arbitrarily mess with casing. I'd go with an all lower-case Package ID. |
I don't know if I like aspnet-config because it's not meant for general config is it? It's mean for sensitive, hidden, don't check into source control by accident type things. |
I'm going to ask a really naive question here, but if you're not encrypting things, and there is no intent to check things in, then why not just create something that targets env vars (at a user level)? It would seem to me that to create yet another place to manage project info seems superfluous, especially in a way that would differ from what's currently compatible with runtime environments (Azure, linux, WinServer, etc). What am I missing? |
The plan is to encrypt it. It also gives you a per app secret store for free instead of having to juggle env variables for different apps potentially on the same machine. That can get messy. |
@davidfowl That sounds better...it's just that @anurse's comment above seemed to indicate that it wasn't going to be secure. |
I actually just saw the link from the comment in #13 as well. Because it's just storing key/value pairs, I'm guessing locally it would work fine with the secrets API, but then you could set vars through the Azure portal/API and not have to worry about shipping those values around (or checking anything in, per above). 👍 |
👎 For aspnet-* I think the command is currently not pluralized (user-secret vs user-secrets) – I think it should be. The current name seems okay to me: user (stored per user) and secrets (since it will be encrypted). If "user-secrets" is too generic, then Question: Is this command only for development environments, or might it be used in cloud/hosting environments instead of environment variables? |
I like aspnet-vault or DotNet-vault IF it's encrypted. If it's not, it's just user-config. |
Think about non-native english speakers and "KISS" (know what i mean, keep it simple). IMHO should not be a kinda "cool name" like somethink-vault or so. We're talking about the secrets of the user so I like user-secrets. Pretty straightforward. |
@DamianEdwards This one needs a decision so assigning to you. cc @glennc who cares about this too. |
Nah, @glennc doesn't care. I heard him say "I love the current name and if we change it, I'm leaving" |
Closing this because we rename the package and command to |
It seems odd to me that installing
SecretManager
enables theuser-secrets
command. I think the command should be named a little differently. Also,user-secrets
is exteremly generic... I'd prefer something likeaspnet-secrets
ordnx-secrets
.I really like
aspnet-secrets
as a prelude to possibly introducing a more genericaspnet
command that behaves likegit
(wheregit foo
is just rewritten as a call togit-foo
). Then the command would (eventually) be something more likeaspnet secrets set
, etc.The text was updated successfully, but these errors were encountered: