From 3319fdea1951ab708858c808da0b7dcfbd06ee68 Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Wed, 30 Oct 2024 20:10:04 -0700 Subject: [PATCH 1/5] sfi ropc warning --- aspnetcore/security/app-secrets.md | 2 +- aspnetcore/security/authentication/mfa/includes/mfa-5-8.md | 1 + .../security/data-protection/configuration/overview.md | 5 ++++- aspnetcore/signalr/redis-backplane.md | 2 ++ .../signalr/redis-backplane/includes/redis-backplane.md | 3 +++ .../signalr/redis-backplane/includes/redis-backplane2.1.md | 3 +++ .../signalr/redis-backplane/includes/redis-backplane2.2.md | 2 ++ .../signalr/redis-backplane/includes/redis-backplane3.md | 4 +++- .../signalr/redis-backplane/includes/redis-backplane5.md | 4 +++- .../signalr/redis-backplane/includes/redis-backplane6.md | 4 +++- .../signalr/redis-backplane/includes/redis-backplane7.md | 3 +++ 11 files changed, 28 insertions(+), 5 deletions(-) diff --git a/aspnetcore/security/app-secrets.md b/aspnetcore/security/app-secrets.md index b867db7ac60f..cd5e27880323 100644 --- a/aspnetcore/security/app-secrets.md +++ b/aspnetcore/security/app-secrets.md @@ -5,7 +5,7 @@ description: Learn how to store and retrieve sensitive information during the de ms.author: tdykstra monikerRange: '>= aspnetcore-3.0' ms.custom: mvc -ms.date: 10/29/2024 +ms.date: 10/30/2024 uid: security/app-secrets --- diff --git a/aspnetcore/security/authentication/mfa/includes/mfa-5-8.md b/aspnetcore/security/authentication/mfa/includes/mfa-5-8.md index 11b35bb1650d..1c743627c83c 100644 --- a/aspnetcore/security/authentication/mfa/includes/mfa-5-8.md +++ b/aspnetcore/security/authentication/mfa/includes/mfa-5-8.md @@ -1,4 +1,5 @@ :::moniker range=">= aspnetcore-6.0 <= aspnetcore-8.0" + By [Damien Bowden](https://github.com/damienbod) diff --git a/aspnetcore/security/data-protection/configuration/overview.md b/aspnetcore/security/data-protection/configuration/overview.md index 9c2240f3dca1..cd399865c2ff 100644 
--- a/aspnetcore/security/data-protection/configuration/overview.md +++ b/aspnetcore/security/data-protection/configuration/overview.md @@ -5,10 +5,11 @@ description: Learn how to configure Data Protection in ASP.NET Core. monikerRange: '>= aspnetcore-3.1' ms.author: tdykstra ms.custom: mvc -ms.date: 6/14/2023 +ms.date: 10/30/2024 uid: security/data-protection/configuration/overview --- # Configure ASP.NET Core Data Protection + :::moniker range=">= aspnetcore-6.0" @@ -317,6 +318,8 @@ services.AddDataProtection() .ProtectKeysWithAzureKeyVault(new Uri(""), new DefaultAzureCredential()); ``` +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ## PersistKeysToFileSystem To store keys on a UNC share instead of at the *%LOCALAPPDATA%* default location, configure the system with : diff --git a/aspnetcore/signalr/redis-backplane.md b/aspnetcore/signalr/redis-backplane.md index 9eb29121f152..f8b17f330a9d 100644 --- a/aspnetcore/signalr/redis-backplane.md +++ b/aspnetcore/signalr/redis-backplane.md @@ -17,6 +17,8 @@ By [Andrew Stanton-Nurse](https://twitter.com/anurse), [Brady Gaster](https://tw This article explains SignalR-specific aspects of setting up a [Redis](https://redis.io/) server to use for scaling out an ASP.NET Core SignalR app. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ## Set up a Redis backplane * Deploy a Redis server. diff --git a/aspnetcore/signalr/redis-backplane/includes/redis-backplane.md b/aspnetcore/signalr/redis-backplane/includes/redis-backplane.md index 5807ad5dc0e3..dfe8a85f0dc9 100644 --- a/aspnetcore/signalr/redis-backplane/includes/redis-backplane.md +++ b/aspnetcore/signalr/redis-backplane/includes/redis-backplane.md 
@@ -1,7 +1,10 @@ :::moniker range="> aspnetcore-2.0 <= aspnetcore-5.0" + This article explains SignalR-specific aspects of setting up a [Redis](https://redis.io/) server to use for scaling out an ASP.NET Core SignalR app. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ## Set up a Redis backplane * Deploy a Redis server. diff --git a/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.1.md b/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.1.md index 8b7a60f036cc..2f6eafc2143a 100644 --- a/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.1.md +++ b/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.1.md @@ -1,7 +1,10 @@ :::moniker range="= aspnetcore-2.1" + This article explains SignalR-specific aspects of setting up a [Redis](https://redis.io/) server to use for scaling out an ASP.NET Core SignalR app. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ## Set up a Redis backplane * Deploy a Redis server. diff --git a/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.2.md b/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.2.md index 217cff3bec65..04c93e69161f 100644 --- a/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.2.md +++ b/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.2.md @@ -2,6 +2,8 @@ This article explains SignalR-specific aspects of setting up a [Redis](https://redis.io/) server to use for scaling out an ASP.NET Core SignalR app. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ## Set up a Redis backplane * Deploy a Redis server. diff --git a/aspnetcore/signalr/redis-backplane/includes/redis-backplane3.md b/aspnetcore/signalr/redis-backplane/includes/redis-backplane3.md index 6f05ef143f7f..9cfc7f16cd0a 100644 --- a/aspnetcore/signalr/redis-backplane/includes/redis-backplane3.md +++ b/aspnetcore/signalr/redis-backplane/includes/redis-backplane3.md 
@@ -1,7 +1,9 @@ :::moniker range="> aspnetcore-2.2 < aspnetcore-5.0" - + This article explains SignalR-specific aspects of setting up a [Redis](https://redis.io/) server to use for scaling out an ASP.NET Core SignalR app. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ## Set up a Redis backplane * Deploy a Redis server. diff --git a/aspnetcore/signalr/redis-backplane/includes/redis-backplane5.md b/aspnetcore/signalr/redis-backplane/includes/redis-backplane5.md index a6f911ecf867..e7a3c21147b1 100644 --- a/aspnetcore/signalr/redis-backplane/includes/redis-backplane5.md +++ b/aspnetcore/signalr/redis-backplane/includes/redis-backplane5.md @@ -1,7 +1,9 @@ :::moniker range="= aspnetcore-5.0" - + This article explains SignalR-specific aspects of setting up a [Redis](https://redis.io/) server to use for scaling out an ASP.NET Core SignalR app. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ## Set up a Redis backplane * Deploy a Redis server. diff --git a/aspnetcore/signalr/redis-backplane/includes/redis-backplane6.md b/aspnetcore/signalr/redis-backplane/includes/redis-backplane6.md index a691615fc152..94be7a6b1e27 100644 --- a/aspnetcore/signalr/redis-backplane/includes/redis-backplane6.md +++ b/aspnetcore/signalr/redis-backplane/includes/redis-backplane6.md @@ -1,7 +1,9 @@ :::moniker range="= aspnetcore-6.0" - + This article explains SignalR-specific aspects of setting up a [Redis](https://redis.io/) server to use for scaling out an ASP.NET Core SignalR app. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ## Set up a Redis backplane * Deploy a Redis server. diff --git a/aspnetcore/signalr/redis-backplane/includes/redis-backplane7.md b/aspnetcore/signalr/redis-backplane/includes/redis-backplane7.md index 401bc35121e6..e777faec4b7f 100644 --- a/aspnetcore/signalr/redis-backplane/includes/redis-backplane7.md 
+++ b/aspnetcore/signalr/redis-backplane/includes/redis-backplane7.md @@ -1,7 +1,10 @@ :::moniker range="= aspnetcore-7.0" + This article explains SignalR-specific aspects of setting up a [Redis](https://redis.io/) server to use for scaling out an ASP.NET Core SignalR app. +[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)] + ## Set up a Redis backplane * Deploy a Redis server. From 60c98639996fccf3a13914e2cc55544bab0921f2 Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Thu, 31 Oct 2024 11:23:18 -0700 Subject: [PATCH 2/5] more files with connection strings --- .../samples/8.x/RedisCache/appsettings.json | 2 +- aspnetcore/security/app-secrets.md | 17 +++++------------ .../app-secrets/includes/app-secrets-3-5.md | 17 +++++------------ .../2.x/UserSecrets/appsettings-unsecure.json | 5 ----- .../3.x/UserSecrets/appsettings-unsecure.json | 5 ----- .../UserSecrets/appsettings.Development.json | 3 +-- 6 files changed, 12 insertions(+), 37 deletions(-) delete mode 100644 aspnetcore/security/app-secrets/samples/2.x/UserSecrets/appsettings-unsecure.json delete mode 100644 aspnetcore/security/app-secrets/samples/3.x/UserSecrets/appsettings-unsecure.json diff --git a/aspnetcore/performance/caching/distributed/samples/8.x/RedisCache/appsettings.json b/aspnetcore/performance/caching/distributed/samples/8.x/RedisCache/appsettings.json index 808f7455d292..5970dac89bbc 100644 --- a/aspnetcore/performance/caching/distributed/samples/8.x/RedisCache/appsettings.json +++ b/aspnetcore/performance/caching/distributed/samples/8.x/RedisCache/appsettings.json @@ -7,6 +7,6 @@ }, "AllowedHosts": "*", "ConnectionStrings": { - "MyAzureRedisConStr": ".redis.cache.windows.net,abortConnect=false,ssl=true,allowAdmin=true,password=" + "MyAzureRedisConStr": "" } } diff --git a/aspnetcore/security/app-secrets.md b/aspnetcore/security/app-secrets.md index cd5e27880323..7ca077a969dc 100644 --- a/aspnetcore/security/app-secrets.md +++ b/aspnetcore/security/app-secrets.md 
@@ -11,6 +11,7 @@ uid: security/app-secrets # Safe storage of app secrets in development in ASP.NET Core + [!INCLUDE[](~/includes/not-latest-version.md)] :::moniker range=">= aspnetcore-6.0" @@ -19,7 +20,7 @@ By [Rick Anderson](https://twitter.com/RickAndMSFT) and [Kirk Larkin](https://tw [View or download sample code](https://github.com/dotnet/AspNetCore.Docs/tree/main/aspnetcore/security/app-secrets/samples) ([how to download](xref:index#how-to-download-a-sample)) -This article explains how to manage sensitive data for an ASP.NET Core app on a development machine. Never store passwords or other sensitive data in source code or configuration files. Production secrets shouldn't be used for development or test. Secrets shouldn't be deployed with the app. Production secrets should be accessed through a controlled means like Azure Key Vault. Azure test and production secrets can be stored and protected with the [Azure Key Vault configuration provider](xref:security/key-vault-configuration). +This article explains how to manage sensitive data for an ASP.NET Core app on a development machine. Never store passwords or other sensitive data in source code or configuration files. Production secrets shouldn't be used for development or test. Secrets shouldn't be deployed with the app. Production secrets should be accessed through a controlled means like Azure Key Vault. Azure test and production secrets can be stored and protected with the [Azure Key Vault configuration provider](xref:security/key-vault-configuration). For more information on authentication for deployed test and production apps, see [Secure authentication flows](xref:security/index#secure-authentication-flows). 
@@ -201,21 +202,13 @@ The `Movies:ConnectionString` and `Movies:ServiceApiKey` secrets are mapped to t ## String replacement with secrets -Storing passwords in plain text is insecure. For example, a database connection string stored in `appsettings.json` may include a password for the specified user: - -[!code-json[](~/security/app-secrets/samples/3.x/UserSecrets/appsettings-unsecure.json?highlight=3)] - -A more secure approach is to store the password as a secret. For example: +Storing passwords in plain text is insecure. For example, a database connection string stored in `appsettings.json` should not include a password. Instead, store the password as a secret, and include the password in the connection string at runtime. For example: ```dotnetcli -dotnet user-secrets set "DbPassword" "pass123" +dotnet user-secrets set "DbPassword" "" ``` -Remove the `Password` key-value pair from the connection string in `appsettings.json`. For example: - -[!code-json[](~/security/app-secrets/samples/3.x/UserSecrets/appsettings.json?highlight=3)] - -The secret's value can be set on a object's property to complete the connection string: +Replace the placeholder in the preceding example with the password value. Set the secret's value on a object's property to include it as the password value in the connection string: [!code-csharp[](~/security/app-secrets/samples/6.x/UserSecrets/Program.cs?name=snippet_sql&highlight=5-8)] diff --git a/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md b/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md index 2f6e57111814..38a307ee41e0 100644 --- a/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md +++ b/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md 
@@ -8,6 +8,7 @@ By [Rick Anderson](https://twitter.com/RickAndMSFT), [Kirk Larkin](https://twitt This article explains how to manage sensitive data for an ASP.NET Core app on a development machine. Never store passwords or other sensitive data in source code or configuration files. Production secrets shouldn't be used for development or test. Secrets shouldn't be deployed with the app. Production secrets should be accessed through a controlled means like Azure Key Vault. Azure test and production secrets can be stored and protected with the [Azure Key Vault configuration provider](xref:security/key-vault-configuration). For more information on authentication for test and production environments, see [Secure authentication flows](xref:security/index#secure-authentication-flows). + ## Environment variables Environment variables are used to avoid storage of app secrets in code or in local configuration files. Environment variables override configuration values for all previously specified configuration sources. 
@@ -172,23 +173,15 @@ The `Movies:ConnectionString` and `Movies:ServiceApiKey` secrets are mapped to t ## String replacement with secrets -Storing passwords in plain text is insecure. For example, a database connection string stored in `appsettings.json` may include a password for the specified user: - -[!code-json[](~/security/app-secrets/samples/3.x/UserSecrets/appsettings-unsecure.json?highlight=3)] - -A more secure approach is to store the password as a secret. For example: +Storing passwords in plain text is insecure. For example, a database connection string stored in `appsettings.json` should not include a password. Instead, store the password as a secret, and include the password in the connection string at runtime. For example: ```dotnetcli -dotnet user-secrets set "DbPassword" "pass123" +dotnet user-secrets set "DbPassword" "" ``` -Remove the `Password` key-value pair from the connection string in `appsettings.json`. For example: - -[!code-json[](~/security/app-secrets/samples/3.x/UserSecrets/appsettings.json?highlight=3)] - -The secret's value can be set on a object's property to complete the connection string: +Replace the placeholder in the preceding example with the password value. Set the secret's value on a object's property to include it as the password value in the connection string: -[!code-csharp[](~/security/app-secrets/samples/3.x/UserSecrets/Startup2.cs?name=snippet_StartupClass&highlight=14-17)] +[!code-csharp[](~/security/app-secrets/samples/6.x/UserSecrets/Program.cs?name=snippet_sql&highlight=5-8)] ## List the secrets diff --git a/aspnetcore/security/app-secrets/samples/2.x/UserSecrets/appsettings-unsecure.json b/aspnetcore/security/app-secrets/samples/2.x/UserSecrets/appsettings-unsecure.json deleted file mode 100644 index 07ff807bf643..000000000000 --- a/aspnetcore/security/app-secrets/samples/2.x/UserSecrets/appsettings-unsecure.json +++ /dev/null 
@@ -1,5 +0,0 @@ -{ - "ConnectionStrings": { - "Movies": "Server=(localdb)\\mssqllocaldb;Database=Movie-1;User Id=johndoe; $CREDENTIAL_PLACEHOLDER$;MultipleActiveResultSets=true" - } -} \ No newline at end of file diff --git a/aspnetcore/security/app-secrets/samples/3.x/UserSecrets/appsettings-unsecure.json b/aspnetcore/security/app-secrets/samples/3.x/UserSecrets/appsettings-unsecure.json deleted file mode 100644 index 14a8ebb8c3a3..000000000000 --- a/aspnetcore/security/app-secrets/samples/3.x/UserSecrets/appsettings-unsecure.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "ConnectionStrings": { - "Movies": "Server=(localdb)\\mssqllocaldb;Database=Movie-1;User Id=johndoe;Password=pass123;MultipleActiveResultSets=true" - } -} \ No newline at end of file diff --git a/aspnetcore/security/app-secrets/samples/6.x/UserSecrets/appsettings.Development.json b/aspnetcore/security/app-secrets/samples/6.x/UserSecrets/appsettings.Development.json index e120ed2453ea..4b4bb07c20e7 100644 --- a/aspnetcore/security/app-secrets/samples/6.x/UserSecrets/appsettings.Development.json +++ b/aspnetcore/security/app-secrets/samples/6.x/UserSecrets/appsettings.Development.json @@ -8,6 +8,5 @@ }, "ConnectionStrings": { "Movies": "Server=(localdb)\\mssqllocaldb;Database=Movie-1;User Id=johndoe;MultipleActiveResultSets=true" - }, - "DbPassword": "MySecret" + } } From e95404516f0271b9bbbae2b86c826d3fbb5e11c8 Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Thu, 31 Oct 2024 11:27:07 -0700 Subject: [PATCH 3/5] tweak wording --- aspnetcore/security/app-secrets/includes/app-secrets-3-5.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md b/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md index 38a307ee41e0..78e4f9444aaf 100644 --- a/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md +++ b/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md 
@@ -176,10 +176,10 @@ The `Movies:ConnectionString` and `Movies:ServiceApiKey` secrets are mapped to t Storing passwords in plain text is insecure. For example, a database connection string stored in `appsettings.json` should not include a password. Instead, store the password as a secret, and include the password in the connection string at runtime. For example: ```dotnetcli -dotnet user-secrets set "DbPassword" "" +dotnet user-secrets set "DbPassword" "" ``` -Replace the placeholder in the preceding example with the password value. Set the secret's value on a object's property to include it as the password value in the connection string: +Replace the `` placeholder in the preceding example with the password value. Set the secret's value on a object's property to include it as the password value in the connection string: [!code-csharp[](~/security/app-secrets/samples/6.x/UserSecrets/Program.cs?name=snippet_sql&highlight=5-8)] From e5c20e6cc9927a53f2e00ee0cd477b8682576823 Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Thu, 31 Oct 2024 15:49:14 -0700 Subject: [PATCH 4/5] proofread fixes --- aspnetcore/security/app-secrets.md | 4 ++-- aspnetcore/signalr/redis-backplane.md | 4 ++-- .../signalr/redis-backplane/includes/redis-backplane2.2.md | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/aspnetcore/security/app-secrets.md b/aspnetcore/security/app-secrets.md index 7ca077a969dc..3eb6d18b7b80 100644 --- a/aspnetcore/security/app-secrets.md +++ b/aspnetcore/security/app-secrets.md 
@@ -205,10 +205,10 @@ The `Movies:ConnectionString` and `Movies:ServiceApiKey` secrets are mapped to t Storing passwords in plain text is insecure. For example, a database connection string stored in `appsettings.json` should not include a password. Instead, store the password as a secret, and include the password in the connection string at runtime. For example: ```dotnetcli -dotnet user-secrets set "DbPassword" "" +dotnet user-secrets set "DbPassword" "``" ``` -Replace the placeholder in the preceding example with the password value. Set the secret's value on a object's property to include it as the password value in the connection string: +Replace the `` placeholder in the preceding example with the password value. Set the secret's value on a object's property to include it as the password value in the connection string: [!code-csharp[](~/security/app-secrets/samples/6.x/UserSecrets/Program.cs?name=snippet_sql&highlight=5-8)] diff --git a/aspnetcore/signalr/redis-backplane.md b/aspnetcore/signalr/redis-backplane.md index f8b17f330a9d..9ca6dde89ff0 100644 --- a/aspnetcore/signalr/redis-backplane.md +++ b/aspnetcore/signalr/redis-backplane.md @@ -5,10 +5,10 @@ description: Learn how to set up a Redis backplane to enable scale-out for an AS monikerRange: '>= aspnetcore-2.1' ms.author: wpickett ms.custom: mvc -ms.date: 02/06/2024 +ms.date: 10/31/2024 uid: signalr/redis-backplane --- - + # Set up a Redis backplane for ASP.NET Core SignalR scale-out By [Andrew Stanton-Nurse](https://twitter.com/anurse), [Brady Gaster](https://twitter.com/bradygaster), and [Tom Dykstra](https://github.com/tdykstra). diff --git a/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.2.md b/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.2.md index 04c93e69161f..a3f7e923e584 100644 --- a/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.2.md +++ b/aspnetcore/signalr/redis-backplane/includes/redis-backplane2.2.md 
@@ -1,4 +1,5 @@ :::moniker range="= aspnetcore-2.2" + This article explains SignalR-specific aspects of setting up a [Redis](https://redis.io/) server to use for scaling out an ASP.NET Core SignalR app. From 88eb2bb3d0daf1f0d8ce3837251e42c88c71b3ee Mon Sep 17 00:00:00 2001 From: Tom Dykstra Date: Thu, 31 Oct 2024 20:38:03 -0700 Subject: [PATCH 5/5] Apply suggestions from code review --- aspnetcore/security/app-secrets.md | 4 +++- aspnetcore/security/app-secrets/includes/app-secrets-3-5.md | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/aspnetcore/security/app-secrets.md b/aspnetcore/security/app-secrets.md index 3eb6d18b7b80..7850e725a039 100644 --- a/aspnetcore/security/app-secrets.md +++ b/aspnetcore/security/app-secrets.md @@ -202,7 +202,9 @@ The `Movies:ConnectionString` and `Movies:ServiceApiKey` secrets are mapped to t ## String replacement with secrets -Storing passwords in plain text is insecure. For example, a database connection string stored in `appsettings.json` should not include a password. Instead, store the password as a secret, and include the password in the connection string at runtime. For example: +Storing passwords in plain text is insecure. Never store secrets in a configuration file such as `appsettings.json`, which might get checked in to a source code repository. + +For example, a database connection string stored in `appsettings.json` should not include a password. Instead, store the password as a secret, and include the password in the connection string at runtime. For example: ```dotnetcli dotnet user-secrets set "DbPassword" "``" diff --git a/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md b/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md index 78e4f9444aaf..d77e8fa84075 100644 --- a/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md +++ b/aspnetcore/security/app-secrets/includes/app-secrets-3-5.md 
@@ -173,7 +173,9 @@ The `Movies:ConnectionString` and `Movies:ServiceApiKey` secrets are mapped to t ## String replacement with secrets -Storing passwords in plain text is insecure. For example, a database connection string stored in `appsettings.json` should not include a password. Instead, store the password as a secret, and include the password in the connection string at runtime. For example: +Storing passwords in plain text is insecure. Never store secrets in a configuration file such as `appsettings.json`, which might get checked in to a source code repository. + +For example, a database connection string stored in `appsettings.json` should not include a password. Instead, store the password as a secret, and include the password in the connection string at runtime. For example: ```dotnetcli dotnet user-secrets set "DbPassword" ""
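Review bot: every hunk in patch 1/5 that adds `[!INCLUDE [managed-identities](~/includes/managed-identities-conn-strings.md)]` depends on a file that no diffstat in this series creates. Confirm that `~/includes/managed-identities-conn-strings.md` already exists on the target branch or is added in a companion PR; otherwise the include resolves to a build warning and the managed-identity guidance never renders. Separately, `aspnetcore/signalr/redis-backplane.md` and each `redis-backplane/includes/*.md` file receive the same include, so if the top-level article pulls those includes in per moniker, check one rendered page to make sure the note is not emitted twice.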
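Review bot: the subject line `sfi ropc warning` on patch 1/5 does not describe its content; none of the hunks mention ROPC, and what they actually do is bump `ms.date` and insert the managed-identities include into the Data Protection and Redis backplane pages. A subject along the lines of "Add managed-identity connection-string guidance to Data Protection and Redis backplane docs" would keep the history searchable.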
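Review bot: in the `RedisCache/appsettings.json` hunk of patch 2/5, replacing the whole value of `MyAzureRedisConStr` with `""` removes the embedded password but also removes the only hint of the expected connection-string format (`abortConnect=false,ssl=true`); a reader copying the sample now has no indication that TLS is expected or that the value is meant to be supplied from user secrets or an environment variable. Consider an explicit placeholder value and a sentence in the accompanying article stating where the real string is loaded from. Dropping `allowAdmin=true` is an improvement in its own right, since a cache sample has no reason to hold admin rights on the Redis instance.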
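Review bot: the last hunk of patch 2/5 in `app-secrets/includes/app-secrets-3-5.md` swaps the `samples/3.x/UserSecrets/Startup2.cs?name=snippet_StartupClass` reference for `samples/6.x/UserSecrets/Program.cs?name=snippet_sql`, but that include is scoped to ASP.NET Core 3.x through 5.x, where the code lives in `Startup` rather than in a top-level `Program.cs`. Either keep a 3.x snippet with the password removed from it, or confirm that `snippet_sql` contains nothing specific to the .NET 6 minimal hosting model before pointing 3.x readers at it. Also, since `appsettings.Development.json` no longer carries `"DbPassword": "MySecret"`, confirm that `snippet_sql` reads `DbPassword` from configuration so the sample still runs once the reader has executed `dotnet user-secrets set "DbPassword"`.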
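Review bot: in both `## String replacement with secrets` hunks of patch 2/5, dropping the `[!code-json[](~/security/app-secrets/samples/3.x/UserSecrets/appsettings.json?highlight=3)]` reference together with the `appsettings-unsecure.json` one leaves the reader with no picture of what the connection string in `appsettings.json` looks like once the `Password` segment is gone. Keep the secure `appsettings.json` listing; it is the "after" state being recommended and is not deleted by this series. Additionally, the 2.x copy of `appsettings-unsecure.json` is deleted while no 2.x-scoped doc is touched anywhere in the series, so grep for remaining `appsettings-unsecure.json` references before merging.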
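Review bot: in both patch 5/5 hunks the new text reads "For example, a database connection string ... at runtime. For example:", so "For example" both opens and closes the same paragraph. Suggest dropping the first occurrence: "A database connection string stored in `appsettings.json` should not include a password. Instead, store the password as a secret, and include the password in the connection string at runtime. For example:". Moving the "might get checked in to a source code repository" rationale ahead of the example is a good change; that is the risk the section is meant to convey.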