Skip to main content
Source: Al0082ConsiderConnectionStringAnalyzer.cs

Description

Connection strings should come from configuration (appsettings.json, environment variables, or secrets) rather than being hardcoded in source code.

Bad Code

var conn = "Server=prod-db;Database=myapp;User=admin;Password=secret";
builder.Services.AddNpgsql(conn);

Good Code

var conn = builder.Configuration.GetConnectionString("Default");
builder.Services.AddNpgsql(conn);

Properties

  • Category: Configuration
  • Severity: Info
  • Enabled by default: True
  • Code fix available: False

Configuration

dotnet_diagnostic.AL0082.severity = suggestion