According to the StackOverflow(1) link. User Secrets is really only intended for development. The idea is you do not want confidential data to accidentally spill into the Source Control Manager (aka SCM). To help support this concept Microsoft provides a service called UserSecrets. This is another configuration file (similar to appsettings.development.json), except its held in a different location outside of source control. The Microsoft link does a pretty good job telling you how to set it up and how to configure your program to use this service.
References
- Microsoft - https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-3.1&tabs=windows – introduction of User Secrets (passwords, connection strings, ports, etc) – in Development
- StackOverflow (1) - https://stackoverflow.com/questions/40131672/storing-production-secrets-in-asp-net-core
- https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-3.1 – Discussion of different ways to get configuration data into application. Check out Environment Variables configuration provider. It seems that some people are putting in connection strings, etc into environmental variables.