Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Leaking secrets #34462

Open
jimgit opened this issue Jan 10, 2025 · 3 comments
Open

Leaking secrets #34462

jimgit opened this issue Jan 10, 2025 · 3 comments
Assignees
@tdykstra
Labels
aspnet-core/svc security/subsvc Source - Docs.ms Docs Customer feedback via GitHub Issue

Comments

@jimgit
Copy link

jimgit commented Jan 10, 2025
edited by dotnetrepoman bot
Loading

Description

[Enter feedback here]In VISUAL STUDIO - if you forget to use a git ignore file or accidentally use one for a different type project (like python) and publsih your project to a PUBLIC github repo (you own github) - you will be leaking secrets via the environment variables.

YOU SHOULD PATCH THIS PROCESS SO THIS CAN'T HAPPEN - especially to novice programmers that don't know better.

Page URL

https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-9.0&tabs=windows

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/app-secrets.md

Document ID

ba688ac2-e90e-fce5-f60d-40c2553c3efd

Article author

@tdykstra

Metadata

  • ID: 9c99993c-c983-6fda-6c3a-ce4ec8c1d5db
  • Service: aspnet-core
  • Sub-service: security

Related Issues
@dotnetrepoman dotnetrepoman bot added aspnet-core/svc security/subsvc Source - Docs.ms Docs Customer feedback via GitHub Issue labels Jan 10, 2025
@tdykstra tdykstra self-assigned this Jan 12, 2025
@dotnetrepoman dotnetrepoman bot added the mapQuest clean move label Jan 13, 2025
@dotnet-policy-service dotnet-policy-service bot removed the mapQuest clean move label Jan 13, 2025
@Rick-Anderson
Copy link
Contributor

Rick-Anderson commented Jan 14, 2025
edited
Loading

Description

[Enter feedback here]In VISUAL STUDIO - if you forget to use a git ignore file or accidentally use one for a different type project (like python) and publish your project to a PUBLIC github repo (you own github) - you will be leaking secrets via the environment variables.

Environment variables are NOT checked into GitHub

@Rick-Anderson
Copy link
Contributor

@tdykstra unless @jimgit can show where .gitignore should be added to prevent leaking secrets, close this issue and not-reproduced

@Rick-Anderson Rick-Anderson moved this from 🔖 Ready to 👀 In review in dotnet/AspNetCore.Docs January 2025 sprint Jan 14, 2025
@jimgit
Copy link
Author

jimgit commented Jan 14, 2025 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tdykstra tdykstra

Labels
aspnet-core/svc security/subsvc Source - Docs.ms Docs Customer feedback via GitHub Issue
Projects
dotnet/AspNetCore.Docs January 2025 sprint
Status: 👀 In review
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tdykstra @jimgit @Rick-Anderson