Most web applications need to store secret data in one way or another—database credentials, tokens, or other types of keys. This data should never fall into the hands of invaders in the event of an attack.
In order to mitigate this risk, chapter 7 discusses several approaches to storing secrets in an ASP.NET Core application. Chapter 8 takes a specific look at passwords and how to store (or rather, not to store) them.