3 Ways To Handle Configuration Information for AspNet Projects

This is a huge discussion and the debate could be similar to Tab vs Spaces on how and where should we put the configuration variables such as connections strings and environment specific variables.
There are three main choices here

  1. Web.config transformations that live with the solution source
  2. Located in the server
    1. As environment variables
    2. Or local configuration files
  3. Modified on the fly by the release pipeline

The first one is wrong on many levels.

  • First of all you may be committing secrets such as passwords with the code.
  • It also complicates the release process because you’ll have to do a different build for each environment. This is wrong because that means you are, effectively, releasing code that differs from the code you actually tested.

I like the second one, it’s in line with the 12 factor app “rules”. Since the configuration stays in the server, you can configure it once and you are done: you don’t have to think about it again and all your deployments are the same. Plus you are limiting the attack surface by not putting secret information inside the code.

In the third option you save all the important information in the Variables tab in the deployment pipeline (in the case of Azure Pipelines) and use a special task to modify the web.config on the fly. It has its advantages, mainly you don’t have to remember to put the configuration files in the server. But if you don’t create environments on the fly I think it’s an overkill.

Author: Daniele Pozzobon

Daniele is an aspiring software craftsman and Scrum Master with more that ten years of experience in the software industry.
He is currently working on amazing solutions in the manufacturing industry helping with the development of a DevOps culture.
He constantly annoys his friends by talking about software and is passionate about Agile methodologies and DevOps, which gives him more opportunities to talk annoy his friends even more.
When there are no friends around to annoy, he blogs on CodeCleaners and in his free he time loves go hiking with his wife and two daughters.