Storing web.configs in source control safely
While it is necessary, when using source control, to store the web.config files in the repository, it is best practice to move any sensitive or environment-specific values into separate files and exclude those files from source control. This article explores some best practices on how to do that.
Some examples of the kinds of sensitive or environment-specific values you want to exclude are:
- CMS hash string salt
- cloud service usernames/passwords
- connection strings
- etc.
For the purposes of this article, we'll discuss the two main web.config sections that include sensitive or environment-specific data in a typical Kentico instance: the appSettings and connectionStrings sections. To prepare the appSettings section to have sensitive data removed, locate the appSettings section's opening tag and change it to the following:
<appSettings file="AppSettings.config">
All you're doing is adding the file attribute. Leave the settings keys intact, including the sensitive ones; we'll come back to those. Next, create a new file titled "AppSettings.Template.Config" and paste in the following:
<appSettings>
  <add key="CMSHashStringSalt" value="" />
</appSettings>
Add any additional sensitive keys that apply to your project (e.g. CMSAzureAccountName and CMSAzureSharedKey for Azure storage), making sure to leave the actual values blank. Then copy the template file you just created and rename the copy "AppSettings.config". Edit that file to fill in the actual values for the sensitive keys from the original web.config, and remove each of those keys entirely from the web.config. In the end, your web.config appSettings section will look something like this:
<appSettings file="AppSettings.config">
  <add key="CMSProgrammingLanguage" value="C#" />
  <add key="WS.webservice" value="http://localhost/WebService/webservice.asmx" />
  <add key="CMSTrialKey" value="CX09-20151217-Arnrjm" />
  <add key="ChartImageHandler" value="storage=session;timeout=20;" />
  <add key="PageInspector:ServerCodeMappingSupport" value="Disabled" />
  <add key="CMSApplicationGuid" value="7ff3d58c-f4ef-4441-a45c-3fc21e95eed7" />
  <add key="CMSApplicationName" value="Localhost/Kentico" />
</appSettings>
Notice that the sensitive key CMSHashStringSalt is not present, but the other non-sensitive ones are. The file attribute on the appSettings element points to a file that will be merged with the appSettings section in the web.config, and changes to the external file will not trigger an app restart. The file attribute is specific to the appSettings section. To accomplish the same thing for most other sections, such as the connectionStrings section, we need to use the configSource attribute. Unlike the file attribute for the appSettings section, the file that the configSource attribute points to will replace, not merge with, the section in the web.config, and changes to the external file can trigger an application restart. Let's apply this to the connectionStrings section. First, we'll create a "ConnectionStrings.Template.config" file with the following text:
<connectionStrings>
  <add name="CMSConnectionString" connectionString="" />
</connectionStrings>
If your project has additional connection strings, add them here the same way. Next, copy this template and rename the copy "ConnectionStrings.config". In this file, fill in the connectionString values from your web.config. Finally, open the web.config and replace the entire connectionStrings section with the following:
<connectionStrings configSource="ConnectionStrings.config" />
Now your web.config file is safe to check in to source control. Just don't forget to exclude the "AppSettings.config" and "ConnectionStrings.config" files from your source control. You can see an example of this in our MVC sample site repository on GitHub.
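A quick way to catch a web.config that still carries secrets before it gets committed is to parse it and verify the two changes described above. The following check is an added example written for this article, not code from the article or from the Kentico sample repository; it flags an appSettings section without the file attribute, any sensitive key still inline, and a connectionStrings section that is not delegated to configSource. SENSITIVE_KEYS and the two sample web.config strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed list of appSettings keys that must never stay inline; extend per project.
SENSITIVE_KEYS = {"CMSHashStringSalt", "CMSAzureAccountName", "CMSAzureSharedKey"}


def check_web_config(xml_text, sensitive_keys=SENSITIVE_KEYS):
    """Return a list of findings for a web.config; an empty list means it is safe to commit."""
    root = ET.fromstring(xml_text)
    findings = []
    app = root.find("appSettings")
    if app is not None:
        # The file= attribute is what lets AppSettings.config be merged in at runtime.
        if not app.get("file"):
            findings.append("appSettings: missing file= attribute")
        for add in app.findall("add"):
            if add.get("key") in sensitive_keys:
                findings.append(f"appSettings: sensitive key {add.get('key')!r} is still inline")

    cs = root.find("connectionStrings")
    if cs is not None:
        # connectionStrings is replaced wholesale by the configSource= file, so it must be empty.
        if not cs.get("configSource"):
            findings.append("connectionStrings: missing configSource= attribute")
        for add in cs.findall("add"):
            if add.get("connectionString"):
                findings.append(f"connectionStrings: {add.get('name')!r} still inline")
    return findings


# Constructed samples: a web.config before and after the procedure in this article.
UNSAFE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="CMSHashStringSalt" value="not-a-real-salt" />
    <add key="CMSApplicationName" value="Localhost/Kentico" />
  </appSettings>
  <connectionStrings>
    <add name="CMSConnectionString" connectionString="Server=.;Database=Kentico;" />
  </connectionStrings>
</configuration>"""

SAFE_WEB_CONFIG = """<configuration>
  <appSettings file="AppSettings.config">
    <add key="CMSApplicationName" value="Localhost/Kentico" />
  </appSettings>
  <connectionStrings configSource="ConnectionStrings.config" />
</configuration>"""

if __name__ == "__main__":
    for name, text in (("unsafe", UNSAFE_WEB_CONFIG), ("safe", SAFE_WEB_CONFIG)):
        print(name, check_web_config(text) or "OK")
```

Run it as a pre-commit hook against the real web.config path and fail the commit when the returned list is non-empty.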