usersecrets are not accessible inside container for worker service project

[pratiksanglikar]

Describe the bug

The user secrets for a worker service are not accessible inside docker container.

To Reproduce

Steps to reproduce the behavior:

1. Create a new .NET Core 3.0/3.1 WorkerService project using Visual Studio. (Or just clone this repo and jump to step 5)
2. Right click on the project, click "Add Docker Support" select "Linux".
3. Edit the project file and add -
   a. Package reference to Microsoft.Extensions.Configuration.UserSecrets as following <PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="3.1.1" />
   Because of this issue #2743
   b. A volume mapping of the user secrets directory inside the container by adding following line to the property group -
   <DockerfileRunArguments>-v "$(AppData)/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro"</DockerfileRunArguments>
4. Modify the file Worker.cs to access the user secrets -

 public class Worker : BackgroundService
    {
        private readonly ILogger<Worker> _logger;
        private readonly IConfiguration configuration;

        public Worker(ILogger<Worker> logger, IConfiguration configuration)
        {
            _logger = logger;
            this.configuration = configuration;
        }

        protected override async Task ExecuteAsync(CancellationToken stoppingToken)
        {
            while (!stoppingToken.IsCancellationRequested)
            {
                _logger.LogInformation("The secret - {}", this.configuration["secretKey"]);
                await Task.Delay(1000, stoppingToken);
            }
        }
    }

5. On powershell or command prompt, navigate to the project directory and add user secrets using the command -
   dotnet user-secrets set "secretKey" "secretValue"

6. hit F5 with the Docker debug profile and monitor the output window. Notice that the value of the user secret is null.

Note: You can open the Containers window in the VS to check the file contents of the container.
If you check the path - /root/.microsoft/usersecrets you will notice the user-secrets directory with secrets.json inside it.

Expected behavior

The output should print the value of the user-secret.

Screenshots

Additional context

Same program with WorkerService debug profile works well.

[Lechus]

is this fixed?

[Dotnet-GitSync-Bot]

I couldn't figure out the best area label to add to this issue. Please help me learn by adding exactly one area label.

[guibranco]

Any news ?

[Lesthad]

I am running into the same issue for a console app running in docker. Any news on this?

[wzchua]

There's no issue with the mount. The docker image default DOTNET_ENVIRONMENT value is * (it's actually unset). If you set it to Development in the launchSettings.json, it will work.

    "Docker": {
      "commandName": "Docker",
      "environmentVariables": {
        "DOTNET_ENVIRONMENT": "Development"
      }
    }

[pratiksanglikar]

@wzchua,
Why worker service's behavior is different than that of ASP.NET application?

[wzchua]

when you run the default aspnetcore project with docker. -e "ASPNETCORE_ENVIRONMENT=Development" is added to the commandline argument

[angusmillar]

Having the same issue here. I can see the problem as explained by @wzchua is that my DOTNET_ENVIRONMENT value is not being set. However, I have added the launchSettings.json as follows. It just does not pick it up. How else can I set that environment variable?

{
  "profiles": {
    "Iata.Verity.Service": {
      "commandName": "Project",
      "environmentVariables": {
        "DOTNET_ENVIRONMENT": "Development"
      },
      "dotnetRunMessages": "true"
    },
    "Docker": {
      "commandName": "Docker",
      "environmentVariables": {
        "DOTNET_ENVIRONMENT": "Development"
      }
    }
  }
}

[jcotton42]

@angusmillar Not that it's a proper fix, but telling Docker directly about it seems to work. For example I have this in my docker-compose.override.yml under the node for the relevant service.

environment:                      
  - DOTNET_ENVIRONMENT=Development
volumes:                                                               
  - "${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets/:ro"

I also needed the volume definition as it wasn't being mapped by default.

[maryamariyan]

@angusmillar Not that it's a proper fix, but telling Docker directly about it seems to work. For example I have this in my docker-compose.override.yml under the node for the relevant service.

Closing since there seems to be a workaround

[jcotton42]

@angusmillar Not that it's a proper fix, but telling Docker directly about it seems to work. For example I have this in my docker-compose.override.yml under the node for the relevant service.

Closing since there seems to be a workaround

Closing this issue is not proper. The Docker tooling should do the setup for user secrets automatically. Please reopen this.

[maryamariyan]

Closing this issue is not proper. The Docker tooling should do the setup for user secrets automatically. Please reopen this.

@MichaelSimons what are your thoughts here?

[eerhardt]

cc @mthalman as well.

[MichaelSimons]

This seems like a VS Docker Tools issue vs a runtime issue. I suggest opening an issue at https://github.com/microsoft/dockertools/issues.

[eerhardt]

Closing as this is not a dotnet/runtime issue. If someone is blocked on the VS Docker Tools, please open an issue at https://github.com/microsoft/dockertools/issues.