Azure App Configuration - How to set a secret

I follow this guide to set up Azure App Configuration.

But I think I misunderstand this line:

dotnet user-secrets set ConnectionStrings:AppConfig "Endpoint=<your_endpoint>;Id=<your_id>;Secret=<your_secret>"

Or rather; what is what...

• your_endpoint = I set my Primary Key Connection String (copied from the App Configuration resource in Azure)
• your_id = The guid is set as UserSecretsId (a few step up in the guide)
• your_secret = the key to the secret (ConnectionStrings:AppConfig in guide)

But then my program always crash at:

config.AddAzureAppConfiguration(settings["ConnectionStrings:AppConfig"]);

with exception:

System.FormatException HResult=0x80131537 Message=The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. Source=System.Private.CoreLib StackTrace: at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength) at System.Convert.FromBase64String(String s) at Microsoft.Azure.AppConfiguration.Azconfig.AzconfigClient..ctor(String connectionString, HttpMessageHandler httpMessageHandler, Boolean disposeHandler) at Microsoft.Extensions.Configuration.AzureAppConfiguration.AzureAppConfigurationSource.Build(IConfigurationBuilder builder) at Microsoft.Extensions.Configuration.ConfigurationBuilder.Build() at Microsoft.AspNetCore.Hosting.WebHostBuilder.BuildCommonServices(AggregateException& hostingStartupErrors) at Microsoft.AspNetCore.Hosting.WebHostBuilder.Build() at Persistance.API.Program.Main(String[] args) in C:\Repos\experiment\experiment\Program.cs:line 19

when executing this code block (from guide):

public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
    .ConfigureAppConfiguration((hostingContext, config) =>
    {
        var settings = config.Build();
        config.AddAzureAppConfiguration(settings["ConnectionStrings:AppConfig"]);
    })
    .UseStartup<Startup>();

Right-click on project -> Manage User Secrets I have this json file:

 {
    "Movies:ServiceApiKey": "12345",
    "ConnectionStrings:AppConfig": "Endpoint=<Primary Key Connection String copied value from azure resource>;Id=<the UserSecretsId tag in csproj file>;Secret=<the Key value in App Configuration resource>"
 }

Worth noting; my primary key connection string contains chars ';', '-', '+' and '=' but those shouldn't be illeagal characters...

The key here is not to interpret the segments of the connection string but instead take it as an opaque token. The connection string can be copied directly from the portal or obtained through the azure CLI

az extension add -n appconfig
az appconfig credential list -n <your-app-configuration-name>

Once you have the connection string, the exact, complete value should be used for the call to AddAzureAppConfiguration. Most likely the 'Secret' part of your connection string will end with a '=' character, and I'm suspecting that it was not copied over.