---
title: Use Secrets Management For Backend Secrets
impact: CRITICAL
impactDescription: centralizes and secures credential storage
tags: secrets, vault, credentials, configuration, security, csharp
---

## Use Secrets Management For Backend Secrets

Avoid hardcoding secrets or committing them to source control. Use standard mechanisms such as User Secrets in development and Azure Key Vault or environment variables in production.

**Incorrect (hardcoded):**

```csharp
public void ConfigureServices(IServiceCollection services)
{
    var apiKey = "sk-1234567890"; // Hardcoded secret
}
```

**Correct (secrets management):**

```csharp
// Development: dotnet user-secrets set "ApiKey" "..."
// Production: Azure Key Vault or Environment Variables

public void ConfigureServices(IServiceCollection services)
{
    var apiKey = Configuration["ApiKey"]; // Loaded from secure source

    // Fail fast at startup if the secret was not supplied
    if (string.IsNullOrEmpty(apiKey)) throw new InvalidOperationException("ApiKey missing");
}
```
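
The following is an added example, not code from the original rule: one way to wire the development and production sources together in an ASP.NET Core 6+ `Program.cs` and reject a missing `ApiKey` at startup. The `KeyVaultUri` setting and the `ExternalApiOptions` type are hypothetical names, and the Azure.Identity and Azure.Extensions.AspNetCore.Configuration.Secrets packages are assumed to be referenced.

```csharp
// Program.cs (example code; names marked "hypothetical" are not from the rule)
using System;
using System.ComponentModel.DataAnnotations;
using Azure.Identity;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);
// CreateBuilder already layers appsettings.json, User Secrets (Development only,
// when the project has a UserSecretsId) and environment variables, in that order.

// Production: add Key Vault last so its values override earlier providers.
// "KeyVaultUri" is a hypothetical, non-secret setting holding the vault URL.
var vaultUri = builder.Configuration["KeyVaultUri"];
if (!builder.Environment.IsDevelopment() && !string.IsNullOrEmpty(vaultUri))
{
    // DefaultAzureCredential resolves a managed identity or other ambient
    // credential, so no vault password has to be stored in configuration.
    builder.Configuration.AddAzureKeyVault(new Uri(vaultUri), new DefaultAzureCredential());
}

// Bind "ApiKey" from whichever provider supplied it and validate when the host
// starts, so a missing secret stops the application instead of failing later.
builder.Services.AddOptions<ExternalApiOptions>()
    .Bind(builder.Configuration)
    .ValidateDataAnnotations()
    .ValidateOnStart();

var app = builder.Build();
app.Run();

// Hypothetical options type; the "ApiKey" property matches the key used above.
public sealed class ExternalApiOptions
{
    // [Required] rejects both a missing value and an empty string.
    [Required]
    public string ApiKey { get; set; } = string.Empty;
}
```

Services then take `IOptions<ExternalApiOptions>` by constructor injection instead of reading `Configuration["ApiKey"]` directly, which keeps the secret lookup in one place.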

**Tools:** Azure Key Vault, AWS Secrets Manager, dotnet user-secrets
