Skip to content

Auto generated secrets do not get written to the user secrets #12481

New issue
New issue
Closed
Bug
Closed
Auto generated secrets do not get written to the user secrets#12481
Bug
Assignees
copilot-swe-agent
Labels
area-app-modelIssues pertaining to the APIs in Aspire.Hosting, e.g. DistributedApplication
Milestone
13.0
@prochnowc

Description

@prochnowc
prochnowc
opened on Oct 29, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

When multiple components in an Aspire app generate secrets (for example, a SQL Server container and a RabbitMQ container), only one of those secrets is actually preserved in the user secrets store.

The issue appears to be that SecretsStore.Save() is invoked multiple times — once per secret — and each call overwrites the previously saved data rather than merging or appending new keys.

As a result, only one of the auto-generated secrets (randomly the SQL Server or the RabbitMQ password) remains in the secrets.json file after startup.

Expected Behavior

All auto-generated secrets (e.g., SQL Server password and RabbitMQ password) should be written and preserved in the user secrets store.

Steps To Reproduce

  1. Create an Aspire AppHost project that includes both a SQL Server container and a RabbitMQ container.
builder.AddRabbitMQ("rabbit")
    .WithLifetime(ContainerLifetime.Persistent)
    .WithDataVolume("rabbitmq");

builder.AddSqlServer("sql")
    .WithLifetime(ContainerLifetime.Persistent)
    .WithDataVolume("sqlserver")
    .AddDatabase("sqlserver-db");
  1. Run the app to allow Aspire to auto-generate passwords for both containers.
  2. Inspect the user secrets (secrets.json) after startup.

You can work around this issue by manually adding the auto-generated passwords:

var rabbitMqPassword =
    builder.AddParameter("rabbitmq-password", new GenerateParameterDefault { MinLength = 22, Special = false }, true, true);

builder
    .AddRabbitMQ("rabbitmq", password:rabbitMqPassword)
    .WithLifetime(ContainerLifetime.Persistent)
    .WithDataVolume("rabbitmq");

var sqlServerPassword =
    builder.AddParameter("sqlserver-password", new GenerateParameterDefault { MinLength = 22, MinLower = 1, MinUpper = 1, MinNumeric = 1 }, true, true);

var sqlServer = builder
    .AddSqlServer("sqlserver", password:sqlServerPassword)
    .WithLifetime(ContainerLifetime.Persistent)
    .WithDataVolume("sqlserver")
    .AddDatabase("sqlserver-db");

Exceptions (if any)

No response

.NET Version info

No response

Anything else?

Aspire version: 9.5.2
.NET SDK: 10.0.100-rc.2.25502.107
OS: Windows 11
IDE: Jetbrains Rider

Metadata

Metadata

Assignees

Labels

area-app-modelIssues pertaining to the APIs in Aspire.Hosting, e.g. DistributedApplication

Type

Bug

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions