Both do not encrypt secrets, and their vulnerability is tied to access to the machine. Am I missing something?
That's correct. The goal is to keep secrets out of source control and keep production secrets off of development machines. If you need a higher level of security, there's Azure Key Vault and 3rd party providers.
Oh ... and btw ... Secret Manager isn't for staging/production ... it's only for your dev machine. The general advice for production is always either env vars, Azure Key Vault, or 3rd party production secret management system.
Sorry to insist, but I'm curious to know what justifies the "general advice" to use env vars over Secret Manager. Could you give me a clarification?
@blowdart -- TL;DR Why was a "secret manager" scenario not developed for server situations?
Environment variables were where the industry went, so in this case we followed.
Pierre R, I suppose it is assumed that developers and testers shouldn't have access to production secrets at all (and if you tried your dev app in prod it would fail to deploy/run)
A production sys admin usually does have access to the secrets since they're the ones who maintain it. An environment variable or a text file in a secure path on a hardened production server is safer (not safe, but safer) than a connection string in the app code itself. IMO :)
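The layering the thread describes (Secret Manager on the dev machine only; an env var or a restricted file on the production host, never a value in source control) looks like this in an ASP.NET Core `Program.cs`. This is an added example, not code from the thread or from the docs page it comments on; the `/etc/myapp/secrets.json` path, the `Default` connection-string name and the `ProviderOf` helper are assumptions chosen for illustration.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;

var builder = WebApplication.CreateBuilder(args);

// WebApplication.CreateBuilder already registers, in this order (later wins):
//   appsettings.json, appsettings.{Environment}.json,
//   user secrets (Development only, needs a UserSecretsId from `dotnet user-secrets init`),
//   environment variables, command-line arguments.
//
// Dev machine:   dotnet user-secrets set "ConnectionStrings:Default" "Server=...;"
// Prod host:     export ConnectionStrings__Default="Server=...;"
// The double underscore in the env var name maps to ':' in the configuration key.

// Hypothetical production-only file in a path readable by the service account only.
// Registering it here places it after the env-var provider, so it would override an
// env var of the same key; register it before AddEnvironmentVariables if env should win.
if (!builder.Environment.IsDevelopment())
{
    builder.Configuration.AddJsonFile("/etc/myapp/secrets.json", optional: true, reloadOnChange: false);
}

const string key = "ConnectionStrings:Default";
var conn = builder.Configuration.GetConnectionString("Default");

// Fail fast rather than start without a database.
if (string.IsNullOrEmpty(conn))
{
    throw new InvalidOperationException($"{key} is not configured for environment '{builder.Environment.EnvironmentName}'.");
}

// Outside Development, refuse to run if the secret was supplied by a committed
// appsettings*.json file, which is exactly what the thread says to avoid.
var owner = ProviderOf(builder.Configuration, key);
if (!builder.Environment.IsDevelopment() && owner is not null && owner.Contains("appsettings", StringComparison.OrdinalIgnoreCase))
{
    throw new InvalidOperationException($"{key} is being read from '{owner}'; production secrets must come from env vars, Key Vault or a file outside source control.");
}

var app = builder.Build();
app.MapGet("/", () => $"connection string came from: {owner}");
app.Run();

// Returns a description of the last provider (highest precedence) that holds `key`,
// e.g. "EnvironmentVariablesConfigurationProvider" or
// "JsonConfigurationProvider for 'appsettings.json' (Optional)". Assumed helper for this example.
static string? ProviderOf(IConfigurationRoot root, string key)
{
    string? last = null;
    foreach (var provider in root.Providers)
    {
        if (provider.TryGet(key, out _))
        {
            last = provider.ToString();
        }
    }
    return last;
}
```

Run it once with the value only in `appsettings.json` and `ASPNETCORE_ENVIRONMENT=Production` to see the startup refusal, then again with `ConnectionStrings__Default` exported and the key removed from the JSON; the `/` endpoint reports which provider won.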