I understand this question can be general but, specifically with regards to ASP.NET MVC, what's the best way to keep passwords locally but not in git/svn? My database connection string is currently in web.config -- is it best to somehow include a file in web.config that isn't in git? What do you folks do?
Asked
Active
Viewed 2,295 times
7
-
2On think that comes to mind is setting svn:ignore on web.config and including web.config.sample instead. – Andrew Savinykh Apr 12 '11 at 04:18
3 Answers
9
I use Windows Auth with my databases, so the connection string contains a server name but not a username/password.
For Machines where I can't use Windows Auth, I use web.config transforms and add the web.dev.config to my .gitignore.
Michael Stum
- 177,530
- 117
- 400
- 535
7
Regarding Git, I would use a filter driver in order to build the right web.config out of:
- a
web.config.templatefile, - an external (encrypted) source where to look for the password.
On every checkout, the 'smudge' script would be the right web.config content, that way:
web.configremains private (only visible in your working tree)- common parts of the
web.configwhich don't change often and are public information remain versioned inweb.config.template. - the password, even encrypted, don't get replicated from repository to repository.
0
put the web.config in your .gitignore file. The web.config will not change very often.
Roger
- 1,004
- 2
- 12
- 24