It only took one time of accidentally pushing a web.config that contained an external provider’s OAuth secret to look for a better workflow.
A quick search revealed a post by Matt Burke: Keep Your Azure Secrets Safely Out of Git.
I was not aware of this capability of web.config to override elements from an external file, but that combined with .gitignore ended up being a perfect solution.
Federico
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.