-1

We currently have the following Web.Release.config file that transforms Web.config at deployment time.

<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.web>
    <compilation xdt:Transform="RemoveAttributes(debug)" />
  </system.web>
  <elmah>
    <errorLog xdt:Transform="Remove" />
    <errorMail xdt:Transform="Remove" />
    <errorMail xdt:Transform="Insert" from="reports@companyxyz.com" to="a23cv@companyxyzteam.slack.com" subject="Dashboard Error" async="true" smtpPort="587" smtpServer="smtp.sendgrid.net" userName="apikey" password="password123" />
  </elmah>
</configuration>

As you can see, the config file contains sensitive information like password.

The pipeline artifact contains Scripts, Content, Bundles, and most relevant to this question the Web.Debug.config, Web.Release.config and Web.config:

web configs

When the artifact is published, the release pipeline triggers the Azure App Service task deployment:

steps:
- task: AzureRmWebAppDeployment@4
  displayName: 'Deploy Azure App Service'
  inputs:
    azureSubscription: '$(Parameters.ConnectedServiceName)'
    appType: '$(Parameters.WebAppKind)'
    WebAppName: '$(Parameters.WebAppName)'
    enableCustomDeployment: true
    TakeAppOfflineFlag: false
    RenameFilesFlag: false
    enableXmlTransform: true

Instead of the XML transformation being the one to change the attributes like password, or even to email attribute, we would like to store those as variables, possibly in the release pipeline (maybe create an elmah group containing these attributes/values) and use that such variables to transform the Web.config file. Of course, we still would want other XML transform settings to occur, such as the <system.web>, but we want attributes like those in <elmah> to be transformed using variables instead of the XML file.

How can we accomplish this? I know how to create the variables, but I am not sure how or if its even possible to transform the Web.config file using variables instead of the Web.Debug.config or Web.Release.config

Is there a setting/task that can do this?

Cataster
  • 3,081
  • 5
  • 32
  • 79
  • To properly handle passwords, you might consider better approaches like [this](https://www.javaer101.com/en/article/15385567.html) – Lex Li Apr 08 '21 at 22:19
  • @LexLi good suggestion, but elmah is just one use case. We have other needs to store keys/values elsewhere and have them transformed, so I'd still like a solution within Azure Devops – Cataster Apr 09 '21 at 01:20

1 Answers1

1

I am not sure how or if its even possible to transform the Web.config file using variables instead of the Web.Debug.config or Web.Release.config

We could install the extension Replace Tokens, add variable and set the variable to secret then add the task Replace Tokens to replace the web.configure variable and use it in the Azure DevOps pipeline.

Update1

Open .csproj file and add the field <CopyToOutputDirectory>Never</CopyToOutputDirectory>, it will not copy the Web.Release.config file.

<None Include="Web.Release.config">
      <DependentUpon>Web.Release.config</DependentUpon>
      <CopyToOutputDirectory>Never</CopyToOutputDirectory>
    </None>
Vito Liu
  • 7,525
  • 1
  • 8
  • 17
  • ohhh interesting! Thanks im gonna try it out! and how do i tell the pipeline to ignore the release `Web.Release.config` file? negative globbing `!(Web.Release.config)` isnt working – Cataster Apr 09 '21 at 13:51
  • Hi @Cataster, I have updated the answer, you could check it and kindly share the result here. – Vito Liu Apr 13 '21 at 02:49
  • Hi @Cataster, Just checking in to see whether this issue is still blocking you now? Any update for this issue? – Vito Liu Apr 16 '21 at 06:40
  • 1
    Hi Vito, thanks for the update. I was awaiting approval on the 3rd party extension `Replace Tokens` thats why i didnt have an update yet. Management approved it now so i can try it out and get back to you. – Cataster Apr 19 '21 at 05:12
  • Hi @Cataster, you could try it and then kindly share the result here. Have a nice day. – Vito Liu Apr 19 '21 at 05:24
  • Hi @Cataster, How about this issue? If you have any concern, feel free to share it here. Have a nice day. – Vito Liu Apr 20 '21 at 07:54
  • 1
    Hi Vito, im still testing it out, ill update you soon – Cataster Apr 21 '21 at 03:12
  • Hi @Cataster, How about this issue, do you have any other follow-up questions about this issue? – Vito Liu Apr 26 '21 at 14:39
  • Hi Vito, my colleague is considering utilizing Azure Key vault so we are trying to see how to make this work with this extension. would you know? How would we connect it to it? – Cataster Apr 29 '21 at 05:27