Keeping Secure Info from Source Control

(more self-reference stuff, notably in visual studio, but the process is similar regardless of platform – this is a various collection of resources not meant to be used all at the same time)

Basic steps (not considering more advanced setups such as Azure deployment, etc):

  1. Setup app.config/web.config with non-secure info that will be checked in to VCS
  2. Create separate config file for local developers, add secure data, add this to .gitignore
  3. Create separate test/prod config for build server
  4. In VS, mark this as “Content” file
  5. Add VCS repo readme notes for devs to create local.config file(s) and add to .gitignore
  6. Edit .csproj of composition root (i.e., the app) to copy the source files on AfterBuild target

Splitting app.config to separate files

(the standard app.config/web.config):

(the local.config):

Note that this splitting technique is also particularly helpful in enterprise environments with multiple composition roots so all the connections/settings can be sourced from a centralized file.

Using AfterBuild target for blank templates and auto-merges

This is useful for deployment to Azure where there’s no local settings for production builds. The idea here is to have an empty template file to copy, then in Azure portal under App Settings, add the settings and they’ll be filled accordingly:


Share on:

Share on facebook
Share on twitter
Share on linkedin

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.

Recent articles