I have a question about managed identity in Azure and it works fine. I would like to test the application locally and I know that I just need to set AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_CLIENT_SECRET in the launchsettings. This makes everything work great. But my problem is that there are multiple people working on the project and each has their own application entra id and therefore different settings too.
Of course it is possible to add more profiles, but then the secrets would be shared across the repository and I don’t like that very much. Adding launchsettings to git ignore doesn’t seem very handy to me either. I’ve tried using secrets (but somehow I can’t create a transform there) – this may just be my fault for setting it up wrong.
I would like each user to be able to have their own setup, but not share it across the repository.
Is there a solution? Or how do you approach this problem?
Thanks a lot
2 Answers
Managed identities do not work locally. Managed identities are implemented via certificates on the machines in the cloud; therefore they do not work on your local machine.
If you are trying to have different secret settings for different users, you should utilize User Secrets. It is a JSON file that stays local to your machine and will not be added to source control. The settings in there override your other app settings when run locally. This is the place to add personal user ids, etc.
If you right-click a project in Visual Studio, select ‘Manage User Secrets’.
You can narrow the problem down to how to configure AZURE_CLIENT_SECRET locally on a developer's machine without committing it to git. The answer is: configure it in user secrets instead of launchsettings.json.
Explanation:
See https://learn.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-8.0#configuration-providers
If you put the settings in launchsettings.json, they will be passed as environment variables, so they overwrite any user secrets.
Instead, add those keys to applicationsettings.json and leave a comment that it should be configured in user secrets.
For example:
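The following is an added example, not part of either answer above: one way to give each developer their own credentials through user secrets while deployed instances keep using managed identity. It assumes an ASP.NET Core project with implicit usings, the Azure.Identity NuGet package, and the three key names from the question stored as user secrets; the `CreateCredential` helper is hypothetical. Azure.Identity's environment-based credential reads process environment variables rather than `IConfiguration`, so the values held in user secrets are passed to `ClientSecretCredential` explicitly.

```csharp
// Program.cs (added example; names other than the three AZURE_* keys are assumptions).
// Each developer runs this once in the project directory, with their own values:
//   dotnet user-secrets init
//   dotnet user-secrets set "AZURE_TENANT_ID" "<tenant-id>"
//   dotnet user-secrets set "AZURE_CLIENT_ID" "<client-id>"
//   dotnet user-secrets set "AZURE_CLIENT_SECRET" "<client-secret>"
// The values land in a per-user secrets.json outside the repository working tree.
using Azure.Core;
using Azure.Identity;

var builder = WebApplication.CreateBuilder(args);
// CreateBuilder adds the user-secrets provider only when the environment is
// Development and the project file carries a UserSecretsId.

TokenCredential credential = CreateCredential(builder.Configuration, builder.Environment);
builder.Services.AddSingleton(credential); // inject into Azure SDK clients

var app = builder.Build();
app.MapGet("/", () => "ok");
app.Run();

static TokenCredential CreateCredential(IConfiguration config, IHostEnvironment env)
{
    if (!env.IsDevelopment())
    {
        // Deployed: no secret in configuration; the managed identity is used.
        return new DefaultAzureCredential();
    }

    // Local: fail fast with a clear message instead of falling through to
    // some other identity when a developer has not set up user secrets yet.
    string Require(string key) =>
        config[key] is { Length: > 0 } value
            ? value
            : throw new InvalidOperationException(
                $"'{key}' is not configured. Set it with: dotnet user-secrets set \"{key}\" \"<value>\"");

    return new ClientSecretCredential(
        Require("AZURE_TENANT_ID"),
        Require("AZURE_CLIENT_ID"),
        Require("AZURE_CLIENT_SECRET"));
}
```

User secrets are stored unencrypted in the developer's profile directory, so they keep the client secret out of git but do not protect it on the workstation itself.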