3

I have a web app that I deploy to an Azure App Service, using VSTS. So far, I have managed to successfully use config transforms and variable substitutions to be able to not have any sensitive information in source control, but I can't get my head around how to do it for the smtp credentials in system.net/mailSettings/smtp/network.

Anyone have any ideas?

  • Same as the other sensitive items? There is no principal difference with, for instance, a ConnectionString – H H Apr 21 '18 at 08:32
  • ConnectionStrings and app settings can use variable substitutions, other config sections cannot, so there’s a difference. – Stephan Lonntorp Apr 21 '18 at 08:40

1 Answer

4

OK, after digging a bit and asking around, it seems that using WebDeploy and parameters.xml works.

This is what I did:

  1. I added the addon Replace Tokens to my VSTS account.
  2. I added a parameters.xml to my web site project, and it looks like this:

    <?xml version="1.0" encoding="utf-8"?>
    <parameters>
      <parameter name="Mail.Username" description="The username used for smtp authentication" defaultValue="#{Mail.UserName}#" tags="">
        <parameterEntry kind="XmlFile" scope="obj\\Release\\Package\\PackageTmp\\Web\.config$" match="/configuration/system.net/mailSettings/smtp/network/@userName" />
      </parameter>
      <parameter name="Mail.Password" description="The password used for smtp authentication" defaultValue="#{Mail.Password}#" tags="">
        <parameterEntry kind="XmlFile" scope="obj\\Release\\Package\\PackageTmp\\Web\.config$" match="/configuration/system.net/mailSettings/smtp/network/@password" />
      </parameter>
    </parameters>
    
  3. My build step was already set to output a package, but these are the MSBuild parameters needed for the build step:

    /p:DeployOnBuild=true /p:WebPublishMethod=Package /p:PackageAsSingleFile=true /p:SkipInvalidConfigurations=true /p:PackageLocation="$(build.artifactstagingdirectory)\\"

    If you, like me, are doing config transforms of connection strings, you might want to add /p:AutoParameterizationWebConfigConnectionStrings=false to that list of parameters as well.

  4. In the Release Configuration, before the Deploy to Azure App Service step, add a step using the aforementioned Replace Tokens addon. I stuck with the default syntax for replacement values, but those could be changed. Since I'm using all default values, I run the task in Root directory $(System.DefaultWorkingDirectory)/$(Build.DefinitionName)/drop and Target files *.SetParameters.xml

  5. Then in the Deploy to Azure App Service step I selected the option Publish using Web Deploy and for the SetParameters file I used $(System.DefaultWorkingDirectory)/$(Build.DefinitionName)/drop/<Name of Web Project>.SetParameters.xml

  6. Under Post Deployment Action, set Deployment script type to Inline script, and add the following script.

    @echo off
    del parameters.xml
    

    This is because .config files aren't served by default, but .xml files are, and otherwise your parameters.xml would sit in your web root unprotected, with your smtp username and password in plain text.

  7. Next add Release Variables named Mail.Username and Mail.Password, and fill in their values. I made Mail.Password a secret.

  8. Check in everything, and trigger a build and release!

  • In my case I found that the parameters.xml file was not updated by the TokenReplace step, as we had correctly targeted the SetParameters.xml file, which is automatically generated by the web deploy stage, so the deletion is not entirely necessary but wise. Also, it's worth mentioning that this one set parameters file will work on all of the config files in your webjobs too. Thanks for this answer. – The Senator Apr 06 '19 at 12:30
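
A release-gate check for steps 4 and 5 of the answer, added here as an example and not part of the original answer or the Replace Tokens addon: it parses the SetParameters.xml that the Replace Tokens step has processed and reports any value still holding a `#{...}#` token, without ever echoing the values into the build log. The sample XML, the function name `check_set_parameters` and the placeholder credentials are constructed for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Default Replace Tokens delimiters, as used in the answer's parameters.xml.
TOKEN = re.compile(r"#\{[^}]*\}#")

# Constructed sample: a generated SetParameters.xml before token replacement.
BEFORE = """<?xml version="1.0" encoding="utf-8"?>
<parameters>
  <setParameter name="IIS Web Application Name" value="Default Web Site/Example_deploy" />
  <setParameter name="Mail.Username" value="#{Mail.UserName}#" />
  <setParameter name="Mail.Password" value="#{Mail.Password}#" />
</parameters>"""

# Constructed sample: the same file after a successful replacement.
AFTER = (BEFORE
         .replace("#{Mail.UserName}#", "smtp-user@example.invalid")
         .replace("#{Mail.Password}#", "constructed-not-a-real-secret"))


def check_set_parameters(xml_text, required=("Mail.Username", "Mail.Password")):
    """Return a list of problems; an empty list means the file can be deployed.

    Messages name the parameter only, never its value, so they are safe to log.
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    values = {e.get("name"): e.get("value", "") for e in root.iter("setParameter")}
    problems = [f"{name}: missing from SetParameters file"
                for name in required if name not in values]
    for name, value in values.items():
        if TOKEN.search(value):
            # The literal token would otherwise be written into Web.config.
            problems.append(f"{name}: token not replaced")
        elif name in required and not value.strip():
            problems.append(f"{name}: empty value")
    return problems


if __name__ == "__main__":
    # Usage in a release step: python check_setparams.py <path to SetParameters.xml>
    with open(sys.argv[1], encoding="utf-8") as fh:
        found = check_set_parameters(fh.read())
    for problem in found:
        print(problem)
    sys.exit(1 if found else 0)
```

Run it between the Replace Tokens step and the Deploy to Azure App Service step so that a misnamed or missing release variable fails the release instead of reaching the deployed Web.config.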