Committing passwords, api keys and connection strings to open source projects can be incredibly dangerous. Even once they've been removed from the repo they can still be found in the commit history. The .NET Core boffins have come up with a technique called User Secrets, which is meant to help alleviate this. What are they and how do they work? In this post, we'll find out.