1

I've an ASP.NET MVC application that got some Web.config configurations:

  1. one for local test (i.e. Debug, which have connection strings with server and Windows Authentication parameters) ;
  2. one for the production (i.e. Release, containing connection strings with server, user and password for the remote SQL server);

Now, when I commit the project on GitHub, I realize that basically (being a public repo) it become visible to everyone the server, user and password for my remote db (I would say 'doh...).

How do you manage this? I would publish it on my git repo (since it got some custom "release" settings), but at the same time hide my private data on a public repository.

markzzz
  • 47,390
  • 120
  • 299
  • 507
  • use windows authentication if possible or use variables in the configs and then replace when you deploy to the need env. Some of the build tools have configurations with password masking (for example Bamboo). – Dmitrij Kultasev Jul 26 '18 at 12:40
  • @DmitrijKultasev: I'm on a Shared Hosting, can't use a Win Auth. Can you show to me an example of variables/web config in .NET? – markzzz Jul 26 '18 at 12:50

1 Answers1

0

Too long to comment. There are lots of ways you can do that, we did that:

  • gitignore webconfig and set it up locally as you wish and then maintain one on the shared hosting manually
  • you can have template for configs where all the sensitive values will be replaced with some placeholders and then after successful deploy to prod replace the placeholders with proper values
Dmitrij Kultasev
  • 5,447
  • 5
  • 44
  • 88
  • I like the first approch. So I send to git a Web.Release.config with empty user/password, send it to git, than ignore! Than, change the user/pass on server. But what if in 2 months I edit the file and I need to keep changes on git? remove from ignore, edit, change again to blanck user pass, commit, git ignore again, and place real user and pass? Isn't a pain? – markzzz Jul 27 '18 at 08:02
  • how frequently are you doing changes to release config? I'm not sure is it even possible (I'm db guy), but can you include another config file in the config? if yes then leave not sensitive part + inclusion of sensitive part under source control and create sensitive one gitignored – Dmitrij Kultasev Jul 27 '18 at 08:07
  • @markzzz something like that https://stackoverflow.com/questions/10300063/can-i-create-config-file-and-include-it-to-web-config – Dmitrij Kultasev Jul 30 '18 at 07:28