I have a public repository that has a ASP.NET Core Web API Project. How can I hide the database credentials in appsettings.json file from the repository? Cannot add the file to gitignore because the project configured for CI/CD.
1 Answer
The customary way to pass in credentials securely is to pass them in through the environment. It may be that your framework already has a way to receive these credentials from the environment, but if it needs a configuration file, you can check in a template configuration file, create a script to take the values from the environment and write the real configuration file, and then ignore the location of the real configuration file.
Almost all CI/CD pipelines have a secret store where you can add secrets, such as database credentials, and export them via the environment. Larger environments will often use a tool like Vault to store them securely.
What you don't want to do is check them in unencrypted to the repository because they're too easy to expose.
