Keeping Secure Info from Source Control

(More self-reference notes, written mostly with Visual Studio in mind, though the process is similar regardless of platform. This is a loose collection of resources, not meant to be used all at the same time.)

Basic steps (not considering more advanced setups such as Azure deployment, etc):

  1. Set up app.config/web.config with non-secure info that will be checked in to VCS
  2. Create a separate config file for local developers, add secure data to it, and add it to .gitignore
  3. Create a separate test/prod config for the build server
  4. In VS, mark this file as “Content”
  5. Add VCS repo readme notes for devs to create local.config file(s) and add to .gitignore
  6. Edit .csproj of composition root (i.e., the app) to copy the source files on AfterBuild target

Splitting app.config to separate files

(the standard app.config/web.config):

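<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <!-- Settings from local.config (git-ignored) are merged in at runtime -->
    <appSettings file="local.config">
        <add key="UnsecuredKeyName1" value="Value" />
        <add key="UnsecuredKeyName2" value="Value" />
    </appSettings>
</configuration>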

(the local.config):

<appSettings>
    <add key="SecuredKeyName1" value="Value" />
    <add key="SecuredKeyName2" value="Value" />
</appSettings>

Note that this splitting technique is also particularly helpful in enterprise environments with multiple composition roots so all the connections/settings can be sourced from a centralized file.
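A check that the file named in `appSettings file="..."` really stays out of the repository, as an added example that is not part of the original post. It takes the text of the checked-in config, the text of `.gitignore`, and the output lines of `git ls-files`; the function names are hypothetical, the pattern matching is a simplified stand-in for git's own rules, and the sample data is constructed.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real repository).
SAMPLE_CONFIG = """<configuration>
  <appSettings file="local.config">
    <add key="UnsecuredKeyName1" value="Value" />
  </appSettings>
</configuration>"""
SAMPLE_GITIGNORE = "bin/\nobj/\n*.user\n"
SAMPLE_TRACKED = ["App/app.config", "App/local.config", "README.md"]


def external_settings_files(config_xml):
    """File names referenced by <appSettings file="..."> in a checked-in config."""
    root = ET.fromstring(config_xml)
    return [el.attrib["file"] for el in root.iter("appSettings") if "file" in el.attrib]


def is_ignored(path, gitignore_text):
    """Simplified .gitignore match (assumption: plain globs only).
    Later patterns win and '!' re-includes; directory-only and anchored
    patterns are not modelled, so confirm with `git check-ignore -v`."""
    ignored = False
    name = path.rsplit("/", 1)[-1]
    for line in gitignore_text.splitlines():
        pat = line.strip()
        if not pat or pat.startswith("#"):
            continue
        negate = pat.startswith("!")
        pat = pat.lstrip("!").lstrip("/")
        if fnmatch.fnmatch(path, pat) or fnmatch.fnmatch(name, pat):
            ignored = not negate
    return ignored


def audit(config_xml, gitignore_text, tracked_files):
    """Return findings for each external settings file that could leak."""
    findings = []
    for ext in external_settings_files(config_xml):
        if not is_ignored(ext, gitignore_text):
            findings.append(f"{ext}: not covered by .gitignore")
        # .gitignore has no effect on files that are already in the index.
        if any(t == ext or t.endswith("/" + ext) for t in tracked_files):
            findings.append(f"{ext}: already tracked, remove with git rm --cached")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_GITIGNORE, SAMPLE_TRACKED):
        print(finding)
```

A file that was committed before the ignore rule was added still has its secrets in history, so rotate those values after untracking it.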

Using AfterBuild target for blank templates and auto-merges

This is useful for deployment to Azure, where there are no local settings for production builds. The idea here is to have an empty template file to copy; then, in the Azure portal under App Settings, add the settings and they’ll be filled in accordingly:

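<Target Name="AfterBuild">
    <!-- Copy the blank template so the build has a local.config with no secrets in it -->
    <Copy SourceFiles="local.empty.config"
        DestinationFiles="local.config" SkipUnchangedFiles="true" />
</Target>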

