Best practice for multiple environments and the config.toml file

[kaeedo]

Hello. I've been trying to figure out best practices for dealing with multiple environments and checking in the config.toml file. Specifically, I don't want to expose the postgres connection string with password by checking it into source control. Is there some best practice for reading it in from dotnet user-secrets or env vars, or having an override such as config.local.toml which would get .gitignored?

Thanks

[JordanMarr]

Having a built-in way to hide connection strings that contain a password would be a great feature. There is currently not a built-in way to do this. For a temporary solution, you would probably need to manually add the toml file(s) to your gitignore.

[kaeedo]

Thanks. That's what i've been doing now. Just as another suggestion, maybe you could pass in the connectionString/password via a CLI argument. something like dotnet sqlhydra npgsql --connection-string "My connection string"

[JordanMarr]

That seems like a good approach. Is the idea that you would use a variable in the command line for the password, or do you have another technique in mind?

Like this:

dotnet sqlhydra npgsql --connection-string "Server=localhost,12019;Database=AdventureWorks;User=sa;Password=$(Password);TrustServerCertificate=True"

[kaeedo]

Basically that. Then you can use your favorite CLI tools to pass the connection string via STDOUT or similar

dotnet sqlhydra npgsql --connection-string $CONNSTR

[JordanMarr]

SqlHydra.Cli v2.3.3 is published with new arg:

Input.OptionMaybe<string>(["-cs"; "--connection-string"], "The DB connection string to use. This will override the connection string in the toml file.")

[JordanMarr]

I should probably document the various command line arguments that have been added. But then again, it uses FSharp.SystemCommandLine, so it is kind of self documenting. ¯\(ツ)/¯

[kaeedo]

Cool. Thanks much