Skip to content

How to migrate local_usersecrets.json to Azure Key Vault for your area repository

Prerequisites

An Azure Key Vault must be created in stage for your area with these tags:
- environment: stage
- repo: <repo_name>

Migration Steps

1. Copy Secrets to Key Vault

Note: The platform team should have already done this if your Key Vault exists with required tags. Contact them if you need help.

2. Verify Secrets

Confirm all secrets are copied with the naming format: local-<secret_name>

Important: Key Vault doesn't support special characters except -. The : character should be replaced with --.

3. Clean Up Shared Secrets

be-platform secrets are auto-pulled from the local-m-kv Key Vault into every area. Delete any secrets your area key vault already present there except if you plan to override them.

4. Create a Pull Request

Your PR should include:
- Delete local_usersecrets.json
- Update UserSecretsId in .csproj test project files to match your repository name
- Replace any secret name referance containing underscores (_) with hyphens (-) in secret names throughout your code

Example PR: https://github.com/majority-dev/be-platform/pull/257/files