Open tfabraham opened 6 years ago
[piotroek@3/23/2016] We use encrypted passwords, basically trusted person encrypts passwords with asymmetric key and gives it to devs, devs are storing those passwords in the file but each password is surrounded in our case by |[ENCRYPTEDPASSWORD|], then during the deployment script has 2 extra steps decrypt passwords from the file and create decrypted file, use it instead of chosen file and finally delete file. Everything works as key is stored on the destination server (in the cert store) and is accessible only by "trusted" person.
Hope it helps.
[UnknownUser@3/23/2016]
[UnknownUser@5/22/2016]
We use azure keyvault all the way. We only add placeholders in the settings file likie [somepasswordsetting]. This is the either replaced in DevOps or via a local exe that Injects password to the bindingfiles.
What if sensitive binding information, such as passwords, was not allowed to be stored in the EnvironmentSettings.xml file? I guess this may be a fairly common requirement but I can't find any info on how people have achieved it. Ideally, the sensitive info would be held in a secure database and pulled in by the BTDF. Are there any posts on this?
Thanks, Rob.
This work item was migrated from CodePlex
CodePlex work item ID: '11019' Vote count: '3'