User Secrets are stored outside of the project tree in a JSON configuration file in the user profile directory and are therefore outside of source control, providing flexibility and security for managing sensitive data. User Secrets can be shared across multiple projects via their GUID or even different sets of User Secrets for each branch of your solution. The best way to consume user secrets is by mapping them to a model, which provides type safety and prevents errors from misspelt string names. .NET Core's built-in dependency inject allows injecting the secrets into the constructors of classes and services via the IOptions<> interface.