tfabraham
commented
6 years ago [piotroek@3/23/2016] We use encrypted passwords, basically trusted person encrypts passwords with asymmetric key and gives it to devs, devs are storing those passwords in the file but each password is surrounded in our case by |[ENCRYPTEDPASSWORD|], then during the deployment script has 2 extra steps decrypt passwords from the file and create decrypted file, use it instead of chosen file and finally delete file. Everything works as key is stored on the destination server (in the cert store) and is accessible only by "trusted" person.
Hope it helps.
fernandodsanjos
What if sensitive binding information, such as passwords, was not allowed to be stored in the EnvironmentSettings.xml file? I guess this may be a fairly common requirement but I can't find any info on how people have achieved it. Ideally, the sensitive info would be held in a secure database and pulled in by the BTDF. Are there any posts on this?
Thanks, Rob.
This work item was migrated from CodePlex
CodePlex work item ID: '11019' Vote count: '3'