ASP.NET: securing configuration files on Github

In asp.net, we can include a file attribute in appsettings that can hold secret values:

Web.config

  <appSettings file="HiddenSettings.config">
  </appSettings>

      

HiddenSettings.config

<?xml version="1.0"?>
<appSettings>
  <add key="DbConnectionString" value="VALUE_IN_TEMPLATE_FILE" />
</appSettings>

      

In git, we can simply store HiddenSettings.config in git -ignore so that sensitive information is not checked.

The problem with this approach is that every time the developer takes the first copy of the code, he / she has to fill in the secret manually.

What's the best way to do this automatically (i.e. no manual steps to fill in sensitive information in the local / target deployment environment)?

+3


source to share


1 answer


I have been thinking about this recently. The best way I could think of is to link to another config file just like you do and put that file in a separate private repository. Then add this repository as a submodule to your real project. For example:

git submodule add git@github.com:someUser/private-config.git

      

and the config points to the relative path of the submodule, something like:



<appSettings file="../../../../private-config/The.Real.Deal.config">
    <add key="someKey" value="SAMPLE VALUE" />
</appSettings>

      

So when the user checks out the project (with the submodules initialized) the configuration in the private repo will be available. If not, they can load the project without the actual values ​​and will only have access to the sampled values.

It looked good compared to other methods, but I am always open to suggestions.

+2


source







All Articles