4

In asp.net we can include file attribute in appsettings that can contain secret values:

Web.config

  <appSettings file="HiddenSettings.config">
  </appSettings>

HiddenSettings.config

<?xml version="1.0"?>
<appSettings>
  <add key="DbConnectionString" value="VALUE_IN_TEMPLATE_FILE" />
</appSettings>

In git, we can simply keep the HiddenSettings.config in git-ignore, so that sensitive information will not be checked-in.

The problem with this approach is every time the developer takes the first copy of the code, he/she needs to fill the secret data manually.

What's the best practice to do that automatically (i.e. no manual action to fill secret information in local/target deployment environment)?

Improve this question
1
  • Depending on your setup and choice of tools, it's very likely that you can transform the config files as part of the deployment process - for example, we use Octopus Deploy which simply switches out connection strings and other properties to variables specified in the deployment GUI (i.e. not in the git repo). The connection string in the repo is then whatever works on developer machines - usually (localdb)\mssqllocaldb with Integrated Security=True, i.e. no sensitive information, but working without modification after git clone. Commented Jul 24, 2015 at 15:51

1 Answer 1

Reset to default
2

I've been pondering that recently myself. The best method I could come up with so far is to link to a separate config file as you did and put that file to a separate private repository. Then add that repository as a submodule to the actual project. For instance:

git submodule add [email protected]:someUser/private-config.git

and the config points to the relative path of the submodule, something like:

<appSettings file="../../../../private-config/The.Real.Deal.config">
    <add key="someKey" value="SAMPLE VALUE" />
</appSettings>

So when a user checks out the project (with initializing submodules) the config in the private-repo will be available. If not than they can download the project without the actual values and will only have access to the sample values.

Compared to other methods this looked good to me but I'm always open to suggestions too.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Let's say you had multiple related projects, would you keep each project's config file in a separate repository? Or all in the same private repository?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.