user-secrets into devcontainer

Author: aligneddev

.devcontainer/DEVCONTAINER.md

@@ -136,14 +136,29 @@ Note the devcontainer.json setup with
   },
   "mounts": [
     "source=${env:SSH_AUTH_SOCK},target=/ssh-agent,type=bind",
-    "source=/mnt/c/Users/klogan/.ssh,target=/root/.ssh-host,type=bind,readonly"
+    "source=${localEnv:HOME}/.ssh,target=/root/.ssh-host,type=bind,readonly",
+    "source=${localEnv:HOME}/.microsoft/usersecrets,target=/root/.microsoft/usersecrets,type=bind"
   ]
 
 ### Secrets Management
 
 - Local development: Use .NET User Secrets or environment variables
 - CI/CD: Use GitHub repository secrets or Azure Key Vault
 - DevContainer environment variables in `devcontainer.json` are for non-sensitive values only
+- Persist User Secrets in Dev Containers by bind-mounting your host user-secrets directory to `/root/.microsoft/usersecrets`
+
+Example mount paths by host OS:
+- Linux/macOS host: `source=${localEnv:HOME}/.microsoft/usersecrets,target=/root/.microsoft/usersecrets,type=bind`
+- Windows host: `source=${localEnv:APPDATA}/Microsoft/UserSecrets,target=/root/.microsoft/usersecrets,type=bind`
+
+If you use Docker Compose directly, the same mapping applies:
+
+```yaml
+services:
+  api:
+    volumes:
+      - ${HOME}/.microsoft/usersecrets:/root/.microsoft/usersecrets
+```
 
 ## Advanced Customization
 
@@ -180,7 +195,8 @@ Edit `mounts` array to add more host directories (e.g., for shared data):
 
 ```json
 "mounts": [
-  "source=${localEnv:HOME}${localEnv:USERPROFILE}/.ssh,target=/root/.ssh,readonly",
+  "source=${localEnv:HOME}/.ssh,target=/root/.ssh-host,type=bind,readonly",
+  "source=${localEnv:HOME}/.microsoft/usersecrets,target=/root/.microsoft/usersecrets,type=bind",
   "source=/path/on/host,target=/path/in/container"
 ]
 ```

.devcontainer/devcontainer.json

@@ -1,5 +1,5 @@
 {
-  "name": "Bike Tracking - Full Stack",
+  "name": "Bike Commuter Tracker - Full Stack",
   "build": {
     "dockerfile": "devcontainer.Dockerfile",
     "context": ".."
@@ -70,6 +70,7 @@
     "PATH": "${containerEnv:PATH}:/usr/local/share/dotnet-tools:/root/.dotnet/tools"
   },
   "mounts": [
-    "source=/mnt/c/Users/klogan/.ssh,target=/root/.ssh-host,type=bind,readonly"
+    "source=${localEnv:HOME}/.ssh,target=/root/.ssh-host,type=bind,readonly",
+    "source=/mnt/c/Users/klogan/AppData/Roaming/Microsoft/UserSecrets,target=/root/.microsoft/usersecrets,type=bind"
   ]
 }

specs/010-gas-price-lookup/quickstart.md

@@ -35,13 +35,29 @@ When a user creates or edits a ride, the form now shows a **Gas Price ($/gal)**
 
 ## EIA API Key Setup (Development)
 
-The EIA API key is required for the lookup to succeed. In development, set it via .NET User Secrets:
+The EIA API key is required for the lookup to succeed. In development (on your local machine), set it via .NET User Secrets:
 
 ```bash
 cd src/BikeTracking.Api
 dotnet user-secrets set "GasPriceLookup:EiaApiKey" "YOUR_EIA_KEY_HERE"
 ```
 
+If you run the API in a dev container, bind-mount your host User Secrets directory so secrets persist across container rebuilds:
+
+```yaml
+# docker-compose.yml
+services:
+   api:
+      volumes:
+         - ${HOME}/.microsoft/usersecrets:/root/.microsoft/usersecrets
+```
+
+Windows host path equivalent:
+
+```text
+%APPDATA%\Microsoft\UserSecrets -> /root/.microsoft/usersecrets
+```
+
 Get a free key at: https://www.eia.gov/opendata/register.php
 
 Without the key, the field will fall back to the last ride's gas price (or remain empty for new users). The ride can still be saved — gas price is always optional.