1

In an open source ASP.NET application I'm working on, I need to keep certain data in the configuration file private, while still keeping it easy for people to build and debug it on their own machine. This is data such as API keys, Mail Settings, etc..

How would I keep this data separate and out of the git repository while still allowing people to just pull and build without having to set up a bunch of stuff?

Layl Conway
  • 385
  • 9
  • 17

1 Answers1

1

In your config file you can define configSource:

<configuration>
   <appSettings configSource="filepath1.config" />   
   <connectionStrings configSource="filepath2.config" />
   <!--etc-->
</configuration>

Put the configurations that you need to keep private in a separate config file, then exclude them in your .gitignore.

Keep in mind that this will ignore the whole section and overwrite it with the context you have in the referenced file.

You can also do Configuration Transform, which allows you to only overwrite a small set of variables in sections. For example:

In your main Web.config:

<configuration>
   <appSettings>
        <add key="Key1" value="Something I dont't Care"/>
        <add key="Key2" value="Something dummy"/>
   </appSettings>   
</configuration>

And in your Web.Release.config:

<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
   <appSettings>
      <add key="Key2" value="Something I want to keep secret"
         xdt:Transform="SetAttributes" xdt:Locator="Match(key)" />
   </appSettings>   
</configuration>

In this case the "Key2" value that you want to keep private will be in a separate file, and you can exclude the Web.Release.config through .gitignore.

Also there's another approach that I never tried, which can also overwrite config using external file.

tweray
  • 1,002
  • 11
  • 18
  • When adding a "configSource" attribute, I get an error. Looking online I need to enable "Use external configuration source file" but there's no word on where I can enable that. – Layl Conway Apr 28 '14 at 19:01
  • Can you post the error message? Also see if [this](http://stackoverflow.com/questions/398607/how-to-enable-configsource-attribute-for-custom-configuration-section-in-net) is your case. – tweray Apr 28 '14 at 19:03
  • "Unrecognized attribute 'configSource'. Note that attribute names are case-sensitive." – Layl Conway Apr 28 '14 at 19:04
  • which section are you trying to add the configSource to? Can you post the partial xml that you tried? – tweray Apr 28 '14 at 19:05
  • `` Looking further I've seen someone claim that configSource is not supported anymore. – Layl Conway Apr 28 '14 at 19:09
  • I am very positive that it is still working on .net45 though... Also I am able to reference the smtp section from an external file. Can you post larger set of xml in the question? Also can you post the referencing config file with value blanked out as well? – tweray Apr 28 '14 at 19:27
  • ` ` and ` ` – Layl Conway Apr 28 '14 at 20:00
  • In your referenced small config file, remove the `configSource="Mail.config" `. – tweray Apr 28 '14 at 20:01
  • Ah, that was the error, I removed it and that seems to have fixed it. Now email is still not sending but for a different reason. – Layl Conway Apr 28 '14 at 20:04