Reputation: 29
I have a public repository that has an ASP.NET Core Web API project. How can I hide the database credentials in the appsettings.json file from the repository? I cannot add the file to gitignore because the project is configured for CI/CD.
Upvotes: 0
Views: 740
Reputation: 76439
The customary way to pass in credentials securely is to pass them in through the environment. It may be that your framework already has a way to receive these credentials from the environment, but if it needs a configuration file, you can check in a template configuration file, create a script to take the values from the environment and write the real configuration file, and then ignore the location of the real configuration file.
Almost all CI/CD pipelines have a secret store where you can add secrets, such as database credentials, and export them via the environment. Larger environments will often use a tool like Vault to store them securely.
What you don't want to do is check them in unencrypted to the repository because they're too easy to expose.
Upvotes: 1
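One way to do the template-plus-script approach described in the answer above, as an added example that is not the answerer's code. The file name `appsettings.template.json`, the `${NAME}` placeholder syntax and the variable names `DB_HOST`, `DB_USER` and `DB_PASSWORD` are assumptions, and the template content is constructed.

```python
import json
import os
import re

# Constructed template; in the repository this would be the checked-in
# appsettings.template.json (hypothetical name) holding no real secrets.
TEMPLATE = """{
  "Logging": {"LogLevel": {"Default": "Information"}},
  "ConnectionStrings": {
    "Default": "Server=${DB_HOST};Database=app;User Id=${DB_USER};Password=${DB_PASSWORD}"
  }
}"""
PLACEHOLDER = re.compile(r"\$\{([A-Z_][A-Z0-9_]*)\}")  # assumed placeholder syntax


def fill(node, env, missing):
    """Substitute ${NAME} in every string value of the parsed JSON tree."""
    if isinstance(node, dict):
        return {k: fill(v, env, missing) for k, v in node.items()}
    if isinstance(node, list):
        return [fill(v, env, missing) for v in node]
    if not isinstance(node, str):
        return node

    def sub(match):
        name = match.group(1)
        if name not in env:
            missing.add(name)
            return match.group(0)
        return env[name]
    return PLACEHOLDER.sub(sub, node)


def render(template_text, env):
    """Return the real config as JSON text; refuse to run with unset variables."""
    missing = set()
    # Values are inserted after parsing, so quotes or backslashes in a
    # password are escaped by json.dumps and cannot break the JSON.
    config = fill(json.loads(template_text), env, missing)
    if missing:  # report names only, never secret values
        raise ValueError("unset environment variables: " + ", ".join(sorted(missing)))
    return json.dumps(config, indent=2)


def write_private(path, text):
    """Write the generated (git-ignored) file readable by its owner only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.chmod(path, 0o600)  # tighten a pre-existing file before writing secrets
    with os.fdopen(fd, "w") as fh:
        fh.write(text)


if __name__ == "__main__":
    write_private("appsettings.json", render(TEMPLATE, os.environ))
```

ASP.NET Core's environment-variable configuration provider also maps a variable named `ConnectionStrings__Default` onto `ConnectionStrings:Default`, so when the whole connection string can be supplied that way no generated file is needed.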