PharmaVault follows the standard ASP.NET Core configuration model, layering settings fromDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/JReyna217/PharmaVault/llms.txt
Use this file to discover all available pages before exploring further.
appsettings.json, environment-specific overrides, and secrets at runtime. The only required configuration value is a PostgreSQL connection string — every other setting ships with a sensible default that works out of the box.
Connection String
TheConnectionStrings:DefaultConnection key is the single required piece of configuration. PharmaVault reads it through the standard IConfiguration abstraction, so it works identically whether the value comes from a file, user secrets, or an environment variable.
Base configuration file
appsettings.json declares the key with an intentionally empty value so the shape is visible at a glance without exposing real credentials.
appsettings.json
Local development — .NET User Secrets
For local development, .NET User Secrets keeps credentials off disk and out of version control. TheUserSecretsId is already configured in PharmaVault.Web.csproj, so you only need to run the following commands once per machine.
Initialize the secrets store
Run this command from inside the
src/PharmaVault.Web directory (or any directory in the solution — the project flag makes the target explicit).Set the connection string
Replace
your_user and your_password with the credentials for your local PostgreSQL instance.Production and Docker — environment variables
ASP.NET Core maps double-underscores (__) to the colon (:) hierarchy separator, so the connection string can be injected at container runtime without touching any file.
- Docker run
- Docker Compose
- System environment
Session Configuration
PharmaVault uses ASP.NET Core cookie authentication to maintain user sessions. The following options are set inProgram.cs:
| Setting | Value | Notes |
|---|---|---|
| Cookie name | PharmaVaultSession | Identifies the auth cookie in the browser |
| Session expiry | 1 hour | Controlled by ExpireTimeSpan |
| Login path | / | Unauthenticated requests are redirected to the root (login) page |
Program.cs (authentication setup)
/logout endpoint performs a SignOutAsync and redirects back to /, invalidating the cookie immediately rather than waiting for it to expire naturally.
Logging
The default logging configuration emitsInformation-level messages from application code while suppressing the more verbose ASP.NET Core framework noise below Warning.
appsettings.json (Logging section)
The
Microsoft.AspNetCore: Warning setting is a standard ASP.NET Core default. It prevents the console from being flooded with request-pipeline tracing messages while still surfacing genuine warnings and errors from the framework.Development vs. Production
ASP.NET Core merges configuration files in order, with later files winning. TheASPNETCORE_ENVIRONMENT variable controls which environment-specific file is loaded.
appsettings.Development.json
How configuration layering works
How configuration layering works
ASP.NET Core merges configuration sources in this priority order (highest priority wins):
- Environment variables
appsettings.{Environment}.json(e.g.appsettings.Development.json)appsettings.json- Default framework values
ASPNETCORE_ENVIRONMENT=Development activates the developer exception page in Program.cs (instead of the generic /Error handler) and enables detailed stack traces.Development, PharmaVault enables HSTS and swaps the exception handler to the user-friendly /Error page:
Program.cs (environment-conditional middleware)
Launch Settings
launchSettings.json defines two local run profiles. Both set ASPNETCORE_ENVIRONMENT=Development automatically, so User Secrets and the developer exception page are always active when launching from dotnet run or Visual Studio.
Properties/launchSettings.json
launchSettings.json is used only by local tooling (the .NET CLI and IDEs). It is never read at runtime in production and should not be used to store secrets.