Avoid ASP.NET passwords on github?

Question

Avoid ASP.NET passwords on github?

I understand that this question may be general, but in particular with regard to ASP.NET MVC, what is the best way to store passwords locally, but not in git / svn? My database connection string is currently in web.config - is it better to somehow include a file in web.config that is not in git? What are you doing?

+6

git svn passwords asp.net-mvc

Christopher Apr 12 '11 at 4:16

source share

3 answers

As for Git, I would use a filter driver to build the correct web.config from:

a web.config.template file,
external (encrypted) source where you need to look for a password.

enter image description here

On each check, the smudge script will be the correct content of web.config , thus:

web.config remains closed (visible only in the working tree)
the common parts of web.config that do not change frequently and are publicly available remain versions in web.config.template .
the password, even encrypted, is not replicated from the repository to the repository.

+7

Vonc Apr 12 '11 at 5:43

source share

put the web.config file in your .gitignore file. Web.config will not change very often.

0

Roger Apr 12 '11 at 4:29

source share

Michael stum · Accepted Answer · 2011-04-12T04:39:48+0000

I use Windows Auth with my databases, so the connection string contains the server name, but not the username and password.

For machines where I cannot use Windows Auth, I use web.config transforms and add the web.dev.config file to my .gitignore.

Avoid ASP.NET passwords on github?

More articles: