Asos.UserSecretsRetriever 1.1.35

Prefix Reserved
.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher.
There is a newer version of this package available.
See the version list below for details. 
dotnet tool install --global Asos.UserSecretsRetriever --version 1.1.35
This package contains a .NET tool you can call from the shell/command line. 
dotnet new tool-manifest
                    


                            if you are setting up this repo
                        

                    

                
dotnet tool install --local Asos.UserSecretsRetriever --version 1.1.35
This package contains a .NET tool you can call from the shell/command line. 
#tool dotnet:?package=Asos.UserSecretsRetriever&version=1.1.35
                    


                    

                
nuke :add-package Asos.UserSecretsRetriever --version 1.1.35

User secrets retriever

The user secrets retriever is a .NET tool that can be used to retrieve secrets from Azure Key Vault and add them via Secret Manager (user-secrets) for a project. The tool supports retrieving multiple secrets across multiple key vaults.

Why use this tool?

The .NET Secret Manager (dotnet user-secrets) is a recommended approach for storing secrets when developing on your local machine. However these secrets often have to be retrieved manually, resulting in additional overhead when getting started on an existing project and additional documentation to keep track of required secrets. This tool allows the definition (but not value) of required secrets to be stored in source control, and for the retrieval of the secrets to be automated through a single CLI command.

Why not just use the Key Vault configuration provider?

Using the Key Vault configuration provider is a valid approach to retrieving secrets in your local environment but adds additional constraints as it will query Key Vault every time you restart the application. Loading them into user-secrets prevents this and allows for a fully offline development experience.

Installation

The tool can be installed via the .NET cli:

dotnet tool install -g Asos.UserSecretsRetriever

Troubleshooting Installation Issues

If you encounter issues during installation, please refer to the following common problems and solutions:

Issue 1: Private Feed Conflicts

There is a known issue you might face when installing a .NET tool if you have a private (authenticated) feed in your list of sources. You can ignore the error using the following additional flag:

dotnet tool install -g Asos.UserSecretsRetriever --ignore-failed-sources
Issue 2: 401 Unauthorized Error

Some users have reported getting the following exception when installing, even after adding the --ignore-failed-sources flag:

<span style="color:red">Unhandled exception: System.Net.Http.HttpRequestException: Response status code does not indicate success: 401 (Unauthorized)</span>

Or:

<span style="color:red">Unhandled exception: NuGet.Protocol.Core.Types.FatalProtocolException: Unable to load the service index for source. Response status code does not indicate success: 401 (Unauthorized).</span>

This typically occurs when you have private Azure DevOps/Azure Artifacts feeds configured in your NuGet sources that require authentication. There are two recommended approaches to resolve this:

The recommended approach is to install the Azure Artifacts Credential Provider, which automatically handles authentication for Azure Artifacts feeds.

Windows:

  1. Open PowerShell as Administrator
  2. Run the following command: 
    iex "& { $(irm https://aka.ms/install-artifacts-credprovider.ps1) }"

macOS/Linux:

  1. Open Terminal
  2. Run the following command: 
    sh -c "$(curl -fsSL https://aka.ms/install-artifacts-credprovider.sh)"

After installing the credential provider, try installing the tool again:

dotnet tool install -g Asos.UserSecretsRetriever
Solution B: Manual NuGet Configuration (Alternative)

If you prefer to configure authentication manually or the credential provider doesn't work for your setup, you can add credentials directly to your NuGet configuration.

  1. Locate your NuGet configuration file:

    • Windows: %APPDATA%\NuGet\nuget.config
    • macOS/Linux: ~/.nuget/NuGet/NuGet.Config

  2. Add your private feed and credentials to the configuration file:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <add key="PE-ASOS" value="https://pkgs.dev.azure.com/asos/ASOS%20PE/_packaging/PE-ASOS/nuget/v3/index.json" />
    
  </packageSources>
  <packageSourceCredentials>
    <PE-ASOS>
      <add key="Username" value="firstname.lastname@asos.com" />
      <add key="ClearTextPassword" value="your-azure-devops-pat-token" />
    </PE-ASOS>
    
  </packageSourceCredentials>
</configuration>
  1. Replace firstname.lastname@asos.com with your ASOS email address
  2. Replace your-azure-devops-pat-token with a Personal Access Token (PAT) that has Packaging (read) permissions

After configuring your credentials, try installing the tool again:

dotnet tool install -g Asos.UserSecretsRetriever

Note: While Solution B works, we recommend Solution A (Azure Artifacts Credential Provider) as it's more secure and doesn't require storing credentials in plain text files.

Usage

To retrieve secrets for a project, add a appsettings.usersecrets.json configuration file in the same directory as your project file. The user secrets configuration file should define the secrets you want to retrieve and uses the following format:

{
  "Vaults": [
    {
      "Uri": "https://my-keyvault.vault.azure.net/",
      "Secrets": [
        {
          "SourceName": "MyKeyVaultSecretName",
          "DestinationName": "MyUserSecretName"
        },
        {
          "SourceName": "MySecondKeyVaultSecretName",
          "DestinationName": "MySecondUserSecretName"
        }
      ]
    },
    {
      "Uri": "https://my-second-keyvault.vault.azure.net/",
      "Secrets": [
        {
          "SourceName": "MyKeyVaultSecretName",
          "DestinationName": "MyUserSecretName"
        }
      ]
    }
  ]
}

Once the configuration file is present in the repository, any engineer with access to the key vault can retrieve the secrets using the following command:

dotnet user-secrets-retriever retrieve

Options

The tool supports the following options:

Option Mandatory Description
--project false The path to the directory containing the project you wish to retrieve secrets for. Defaults to the current directory.
--secrets-configuration false The name of the file containing the configuration for the secrets you want to retrieve. Defaults to appsettings.usersecrets.json
--diagnostics false Enables diagnostic output. Useful for understanding authentication issues.

Authentication with Key Vault

The tool uses the Azure.Identity client library to authenticate with the specified Key Vaults using a ChainedTokenCredential. The following authentication types are included and attempted in order:

  1. EnvironmentCredential
  2. VisualStudioCredential
  3. VisualStudioCodeCredential
  4. AzureCliCredential
  5. AzurePowerShellCredential
  6. InteractiveBrowserCredential

See the Azure.Identity documentation for more details. For help understanding an authentication issue and to identify which credential type has been selected, use the --diagnostics flag when running the tool.

You will need read access to secrets within the key vaults you are accessing.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

This package has no dependencies.

Version Downloads Last Updated
1.1.36 153 9/15/2025
1.1.35 153 9/15/2025
1.1.34 133 9/8/2025
1.1.33 276 8/25/2025
1.1.32 422 7/21/2025
1.1.25 230 4/7/2025
1.1.24 181 4/7/2025
1.1.23 155 3/17/2025
1.1.22 118 2/25/2025
1.1.21 125 2/17/2025
1.1.20 130 2/14/2025
1.1.19 118 2/11/2025
1.1.18 131 1/28/2025
1.1.17 106 1/28/2025
1.1.16 105 1/20/2025
1.1.15 102 1/13/2025
1.1.14 127 12/6/2024
1.1.13 127 11/8/2024
1.1.12 154 6/24/2024
1.1.11 119 6/12/2024
1.1.10 130 5/28/2024
1.1.9 119 5/13/2024
1.1.8 145 4/29/2024
1.1.7 144 4/22/2024
1.1.6 177 4/12/2024
1.0.8 361 3/30/2023
1.0.6 402 1/31/2023
1.0.5 500 10/25/2022
1.0.2 446 10/25/2022
1.0.2-documentation.4 189 10/21/2022