How do I use Visual Studio user secrets and GitHub secrets, in the same project?

I'm going to consider what you've said here concerning environmental variables. You've given me some things to think about. I did want to respond to your suggestion of not changing the idiom for how we handle secrets to another idiom. In this case I believe we will have to when migrating to repos in GitHub. As I understand GH Advanced Security, it will run a check on attempted commits to see if secrets are in the proposed commit. If secrets are there, then the commit/push will be rejected. Secrets are in all our source code. (If I've misunderstood how GH Advanced Security works, with respect to secrets, then please forgive and correct me.)

Rod

Another issue I'm unclear on, in reference to that "Safe storage" document, is the use of environmental variables for safely storing secrets. The document brings up environmental variables, saying that is a safe way to use secrets securely, then drops talking about environmental variables. Please excuse my abysmal ignorance on how to use environmental variables on a development machine, on the deployed server and an Azure App Service. How does that work?

Rod

I've finished reading the document and I did see that "*Migrating User Secrets from ASP.NET Framework to ASP.NET Core*". Unfortunately, that won't work for me. I wish we were allowed to update code, but the motto where I work is, "If the code isn't broken beyond repair, do NOT modify it!! And NEVER, EVER update or upgrade it!!!" I have no choice but to work on old code using whatever .NET Framework it was originally written in. And some of those dates back to .NET Framework 1.1.

Rod

Thank you, Richard. I'm reading the document you linked to now. I'm about a third of the way through it. It speaks of ASP.NET Core, which in my case is fine, as this is a new app. However, we have hundreds of custom apps all written using old versions of the .NET Framework. Does that mean that Visual Studio user secrets will not work?

Rod

I've known about Visual Studio user secrets for a while but haven't used them. And I know that GitHub has secrets, which can be used in repos and I'm sure GH Actions, but again I haven't used them. That's all going to change very soon. I'd like to use VS user secrets for connection strings, API keys, etc. But when I commit to a GH repo, I'd like the GH action to use the GH secrets saved in that repo on GH. The only thing is, how do I do that? The syntax, I'm sure, isn't the same. How do I do what I want to do?

Rod