NOTE: This guide uses the 5.0 SDK version. A 6.0 version is in the works.
Example using the Doppler CLI to hydrate a Doppler class with JSON or environment variables via Configuration providers.
If deploying to Azure, using our Azure Key Vault integration is likely to offer a better experience, but the following may still be of interest for local development.
Import the sample project to Doppler:
doppler importSelect the config to use:
doppler setup --project dotnet-core-webappThen confirm the Doppler CLI can fetch secrets for that config:
doppler secretsWe'll now illustrate four different options for secrets injection.
The Doppler CLI acts as the application runner by injecting secrets as environment variables into the process in the required PascalCase format using the dotnet-env name transformer:
doppler run --name-transformer dotnet-env -- dotnet runThis is the preferred method as unencrypted secrets never touch the file system.
The only caveat is that because the Doppler CLI is spawning the application process, you'll need to manually attach the debugger to the process during local development each time.
If you're debugging frequently enough that this is a deal breaker, the following JSON option is available.
Recommended only during local development for easier debugging, secrets are downloaded in the JSON configuration provider's expected format and loaded by the application during the creation of the application Host.
The JSON can be generated by running:
doppler secrets download --name-transformer dotnet --no-file > doppler.jsonExpected usage would be downloading the secrets JSON file in a pre-build step, then deleting the secrets file once the debugger exits to ensure secrets aren't persisted beyond the life of the application process.
We can approximate this flow using bash script at bin/dotnet-run-json.sh which uses trap to capture the exit signal of the process and remove the doppler.json file:
./bin/dotnet-run-json.shWe can also use the Doppler CLI to populate the <environmentVariables> element in a web.config.tmpl Doppler template:
doppler secrets substitute web.config.tmpl > web.configAnother possible solution for local development only is the Secret Manager Tool.
Simply initialize the secret store for the current application, then feed secrets from the Doppler CLI to the dotnet user-secrets set command:
dotnet user-secrets init
doppler secrets download --name-transformer dotnet --no-file | dotnet user-secrets setWe don't recommend this option as the Secret Manager tool doesn't encrypt the stored secrets, plus this option doesn't dynamically keep your secrets in sync.
This is our initial exploration into integrating Doppler with ASP.NET core and we have long-term plans to build our own Doppler configuration provider that seamlessly takes care of the implementation details you see here.