Geek asks and answers

How should I handle secret values ​​in a project in source control?

My question is essentially the same as this one , but for a Windows Store app, C # and Visual Studio. I want to have an easy way to keep secret values ​​in a project, in a file that can be ignored in the (untested) source. How should I structure my project in order to keep the application secret in such a way as to simplify the creation / management of the source code?

My first idea was to save it in an XML file (not checked) and load it at runtime, but this leaves it available to the user who installs it, so this needs to be done at build time. How to keep a couple of secret values ​​and replace the visual studio in my code when creating my project?

+5
source share
4 answers

In my company, we decide the following solution for you. In the configuration file, we associate sections with "secret" values ​​in external configurations. External configurations are in source control. At first it wasn’t, but after a problem, when our build server lost the disk, we decided it was safer to store it in place with backup. The folder in the source control (it can also be on the file server) is really limited to reading and writing only to those who need it. Create a project folder to verify the process and add a configuration folder and build. After the assembly "Configuration" is removed. Access to the build server is also limited.

0

- , . " ". , , .

, app.config web.config, .

0


(, ), . , .

- , API. (, , ). , API , , .

0

, , / . , , , - .

- . script , , , , .

, , , . / , , .

Remember to save the secrets file somewhere. And also remember that .NET code can be easily decompiled, so your secrets may not be as secret as you expect them to be - any user with a .NET reflector can see all the code in your release build, including your secret class.

0
source

More articles:


All Articles