DamianEdwards
commented
1 week ago There's certainly a tension here between secure practices and learnability, but I don't think I can get comfortable with putting values categorized as secret into source files in the samples in this repo. Certainly we can and should improve documentation to make it much clearer to learners like yourself.
/Cc @IEvangelist
Hi team, I'm learning Aspire as quickly as possible (and loving it!) but have had one or two issues along the way getting the formatting of secrets correct. Since the samples repo is meant to be a learning aid, I'd like to recommend that secrets are included using dummy values in the appsettings.Development.json file. This way, those who are learning the framework will have a better understanding of how their secrets should be formatted and what a correct value might look like. The documentation simply says to include the connection string or endpoint value and includes a statement about what will be looked for in the user secrets, but seeing it in a repo is always better. Of course, include a disclaimer that user secrets should be the preferred approach, and possibly include a link to the MS Learn docs page for setting up user secrets to further encourage good practices. But for a learning approach, it would be very helpful to see everything that goes into a successful project.