1

I've started working on an Azure project. In terms of config, I currently have three files: ServiceConfiguration.Cloud.cscfg, ServiceConfiguration.Local.cscfg and ServiceDefinition.csdef.

ServiceDefinition.csdef is the template file for the csfg files. ServiceConfiguration.Cloud.cscfg contains all the actual Azure configuration, including DB passwords, SAS keys etc.

Should ServiceConfiguration.Cloud.cscfg be checked into source control? I wouldn't have thought so but a quick search on github for the file shows that it is.

If it should be checked in, how should the sensitive password data be managed?

user783836
  • 3,099
  • 2
  • 29
  • 34

2 Answers2

0

I typically check in the configurations. The reason is that the behavior of your application will change dramatically depending on these configurations. For example -> number of roles for a distributed application directly affects how you process incoming messages and the vmsize directly affects how much memory you have. You may encounter issues debugging problems if each developer is using a different configuration. This standardizes your deployment.

David Crook
  • 2,722
  • 3
  • 23
  • 49
  • 2
    okay. so how are you handling secrets like SAS and DB passwords when the project is on a public repo like github? – user783836 Sep 04 '15 at 15:08
0

Anything with plain-text password information shouldn't be checked into a public repo unless you want people to have access to that information.

You can add this file to the .gitignore file and prevent it from being checked in.

Provide a different ServiceConfiguration.Cloud.cscfg named something like ServiceConfiguration.Cloud.cscfg.template with all the config info of your cloud service minus the password values. If someone forks your project they need to use that and fill in the appropriate values and rename the file.

Do this and change all your passwords to something else. Even if you delete this file from the repo, it still exists in the history and anyone can view it.

Thraka
  • 2,065
  • 19
  • 24