SecretsBak 0.1.6
dotnet tool install --global SecretsBak --version 0.1.6
This package contains a .NET tool you can call from the shell/command line.
dotnet new tool-manifest
dotnet tool install --local SecretsBak --version 0.1.6
This package contains a .NET tool you can call from the shell/command line.
#tool dotnet:?package=SecretsBak&version=0.1.6
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
nuke :add-package SecretsBak --version 0.1.6
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
SecretsBak
Backup and restore .NET User Secrets (secrets.json) to/from AWS S3.
This is useful when you work across multiple machines (macOS, Windows, Linux, EC2) and want a quick way to sync your local .NET User Secrets.
Features
- Backup
.NET User Secretsto S3 - Restore
.NET User Secretsfrom S3 - Encrypts uploads:
- Default: SSE-S3 (AES256)
- Optional: SSE-KMS with
--kms-key-id
- Can auto-create the S3 bucket (on push)
- Works on Windows / macOS / Linux
Install (Global .NET Tool)
dotnet tool install --global SecretsBak
Update:
dotnet tool update --global SecretsBak
Prerequisites
- .NET 8+
- AWS credentials configured (any standard method works):
~/.aws/credentials- environment variables
- AWS SSO
- IAM Role (EC2, ECS, etc.)
You also need permissions for:
s3:PutObjects3:GetObjects3:ListBuckets3:HeadBuckets3:CreateBucket(only if bucket auto-create is used)
If using KMS:
kms:Encryptkms:Decrypt
Commands
where
Shows the UserSecretsId and the local secrets.json path.
secretsbak where --project ./MyApp.csproj
push
Uploads your local secrets.json to S3.
secretsbak push --project ./MyApp.csproj --bucket my-bucket --prefix usersecrets --region us-east-1
Optional SSE-KMS:
secretsbak push \
--project ./MyApp.csproj \
--bucket my-bucket \
--prefix usersecrets \
--region us-east-1 \
--kms-key-id <kms-key-arn-or-id>
S3 object key format:
s3://<bucket>/<prefix>/<UserSecretsId>/secrets.json
pull
Downloads secrets from S3 and writes them to your local UserSecrets folder.
secretsbak pull --project ./MyApp.csproj --bucket my-bucket --prefix usersecrets --region us-east-1
⚠️ Current behavior:
pullpicks the newestsecrets.jsonunder:
s3://<bucket>/<prefix>/It then updates your
.csproj<UserSecretsId>to match what was pulled.
Examples
# Push secrets
secretsbak push \
--project /Users/tayo/Repos/PaymentGateway/BuzaPayCoreApi/BuzaPayCoreApi.csproj \
--bucket dev-secret1s \
--prefix BuzapayCoreApi \
--region us-east-1
# Pull secrets (overwrites local)
secretsbak pull \
--project /Users/tayo/Repos/PaymentGateway/BuzaPayCoreApi/BuzaPayCoreApi.csproj \
--bucket dev-secret1s \
--prefix BuzapayCoreApi \
--region us-east-1
Notes
- If you do not pass
--kms-key-id, uploads still use encryption (SSE-S3 AES256). - If your bucket enforces SSE-KMS by policy, you must pass
--kms-key-id.
License
MIT
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
This package has no dependencies.
| Version | Downloads | Last Updated |
|---|---|---|
| 0.1.6 | 132 | 2/9/2026 |