locked
Avoid storing config settings in repository RRS feed

  • Question

  • We do use a git repository for our worker role, we commit the entire solution to keep track of changes to ServiceConfiguration too.

    We would like to avoid storing sensitive info in the repository and I wonder if something similar to WebSites App Settings in web portal is available for Cloud Service too.

    I did try to set just the local value for my settings (ServiceConfiguration.Local.cscfg, leaving ServiceConfiguration.Cloud.cscfg blank) and then set the correct value in web portal config tab for the worker role (so to have localhost in the cscfg files that goes into the repository and the correct connection string just in the web portal). This work fine until we redeploy the role, doing so the settings in the web portal resets back to ServiceConfiguration.Cloud.cscfg (blank, no values).

    Not committing ServiceConfiguration.Cloud.cscfg is not an option as we'd prefer not to have the real connection strings nor in the repository nor in our local PCs.

    Any suggestions?

    Saturday, October 25, 2014 1:37 PM

Answers

  • Hi sir,

    Currently, we could got the "Role Settings" from the Azure portal,Configure all the required settings specified in the ConfigurationSettings element of the service configuration file (.cscfg). Example: Add the thumbprint of the certificate used for SSL communications. The thumbprint must be associated with a new certificate that was uploaded on the Certificates page.

    But we could not set the settings on the Azure cloud service portal currently. You could submit a feature request about this feature via the page (http://www.mygreatwindowsazureidea.com/forums/34192-windows-azure-feature-voting). Also, Alternative approach is that you could write some information into web.config. Your project could get the configuration values via the code below:

    ConfigurationManager.AppSettings["stroageaccount"].ToString();
     

    Also, you can encrypt the configurations, please see this code sample(https://code.msdn.microsoft.com/windowsazure/Encrypt-Configuration-5a8e8dfe ).

    Regards,

    Will


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Monday, October 27, 2014 6:33 AM
  • I just realized that someone else already suggested this:

    http://feedback.azure.com/forums/169386-cloud-services-web-and-worker-role/suggestions/6103937-store-cloud-service-credentials-keys-outside-of

    Vote for it!

    Monday, October 27, 2014 8:39 AM

All replies

  • Hi sir,

    Currently, we could got the "Role Settings" from the Azure portal,Configure all the required settings specified in the ConfigurationSettings element of the service configuration file (.cscfg). Example: Add the thumbprint of the certificate used for SSL communications. The thumbprint must be associated with a new certificate that was uploaded on the Certificates page.

    But we could not set the settings on the Azure cloud service portal currently. You could submit a feature request about this feature via the page (http://www.mygreatwindowsazureidea.com/forums/34192-windows-azure-feature-voting). Also, Alternative approach is that you could write some information into web.config. Your project could get the configuration values via the code below:

    ConfigurationManager.AppSettings["stroageaccount"].ToString();
     

    Also, you can encrypt the configurations, please see this code sample(https://code.msdn.microsoft.com/windowsazure/Encrypt-Configuration-5a8e8dfe ).

    Regards,

    Will


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Monday, October 27, 2014 6:33 AM
  • I just realized that someone else already suggested this:

    http://feedback.azure.com/forums/169386-cloud-services-web-and-worker-role/suggestions/6103937-store-cloud-service-credentials-keys-outside-of

    Vote for it!

    Monday, October 27, 2014 8:39 AM