Having done... enough .NET I don't see a serious consensus and it frustrates me. My favorite was the project that used dot ENV files. I have tried to convince them of it here, but nobody cares enough about the craft I suppose, of course there's more important things to be worked on, momentary change for increased dev experience is not worth it the business.
If you're saying that there's no one right way to do it, then I broadly disagree. There's the (very flexible) .NET Configuration system (1) - that is the right way to do it. You should start with appsettings.json and other sources, and end up with injecting IOptions<T> into your code. Consistently.
If you're saying that in your experience, far too many people don't use this system, then who am I to disagree with your experience? Sure, it happens. YMMV. I would be insisting that they move to the .NET Configuration system, though. If they're serious.
1) https://learn.microsoft.com/en-us/dotnet/core/extensions/con...
Agreed that it's good. Partly because it's even more flexible than that. There are good defaults, but you decide which sources in which order are use. e.g. in our case it is
appsettings.json
appsettings.{env}.json (e.g. appsettings.dev.json )
Environment variables
There are also providers for places where secrets are stored, such as Azure Key vault (1), which would be layered on last. And a test provider where you just supply some key-value pairs from code (2). Or roll your own (3).
1) https://learn.microsoft.com/en-us/aspnet/core/security/key-v...
2) https://learn.microsoft.com/en-us/dotnet/core/extensions/con...
3) https://vinayakabhat.medium.com/integrating-aws-secrets-mana...
Then when you need to read a value, inject IConfiguration and call config.GetValue<string>("someKey") or config.GetValue<int>("otherKey") etc. to get values from it in a flat manner.
If you do that enough, you might extract common code or but some other class over it for related settings. At which point you might as well declare a DTO and use IOptions<T>
However what OP has is a whole 80 line workflow definition. I don't recommend storing that kind of thing in the .NET config system at all.
Then if such a large file has sensitive values such as passwords, it will need some find/replace templating system to substitute them from config. e.g. handlebars with "{{somePassword}}" in the file.
>> If you do that enough, you might extract common code or but some other class over it for related settings. At which point you might as well declare a DTO and use IOptions<T>
I think it rarely needs to be that complicated. I overengineered the configuration system for something before and regretted it. People understand GetValue<T>(key) anything else makes them have to think for no reason.
Considering that this represents one of many possible workflow objects (probably organized in a data structure and managed by other objects/methods), implementing secret replacement using a ConfigurationBuilder seems like abuse.