Azure DevOps CI/CD和将连接字符串与源代码控制分开 [英] Azure DevOps CI/CD and Separating Connection Strings from Source Control
问题描述
因此,我通过许多博客/SO帖子遵循了许多不同的想法/策略,但是我一直找不到自己的想法解决方案.
So I've been following many different idea/strategies through many blogs/SO posts but I haven't been able to find my idea solution.
- Visual Studio 2017 v15.9.6
- Git(源代码控制)
- Azure DevOps CI/CD
- Azure App Service(用于托管Web API)
目标是使用Azure DevOps工具来提交我的项目更改,将更改(通过Git)推送到Azure DevOps存储库,让CI/CD按照管道规则来构建项目,以将其部署到dev/production/etc .在所有这些期间,请将连接字符串置于源代码控制之外.
The goal is to use the Azure DevOps tools to commit my project changes, push (via Git) the changes to Azure DevOps repo, have the CI/CD build the projected follow the pipeline rules to deploying to dev/production/etc. All this while, keep connection strings out of source control.
当前,我有一个网站(旧版Web应用程序),该网站在外部连接字符串文件上具有本地连接字符串定义(基于本文
Currently, I got a website (legacy Web Application) that has local connection string definitions on an external connection string file (based on this article Connection Strings and Configuration Files). It's hosted as an App Service on Azure. Within my .gitignore file I made Git ignore the specific connection strings file so that it's not in source control. Using Azure's deployment from GitHub feature, the site gets updated with the source in GitHub. However, I had to manually upload the connection string file with false/bad data. I use Azure's application settings to define the connection strings themselves. This process works perfectly fine.
我在.Net Framework 4.7.2上启动了一个新的.Net Web API项目.我还按照该文章将连接字符串分成一个单独的文件,以便在源代码管理中也可以忽略该文件.当Azure DevOps生成项目时,它会失败:
I have a new .Net Web API project started at .Net Framework 4.7.2. I also followed the article to separate the connection strings into a separate files so that I can also ignore the file in source control. When the Azure DevOps builds the project it fails saying:
C:\ Program Files(x86)\ Microsoft Visual Studio \ 2017 \ Enterprise \ MSBuild \ Microsoft \ VisualStudio \ v15.0 \ Web \ Microsoft.Web.Publishing.targets(2603,5): 错误:将文件ConnectionStrings.config复制到 obj \ Release \ Package \ PackageTmp \ ConnectionStrings.config失败.可以 找不到文件"ConnectionStrings.config".
C:\Program Files (x86)\Microsoft Visual Studio\2017\Enterprise\MSBuild\Microsoft\VisualStudio\v15.0\Web\Microsoft.Web.Publishing.targets(2603,5): Error : Copying file ConnectionStrings.config to obj\Release\Package\PackageTmp\ConnectionStrings.config failed. Could not find file 'ConnectionStrings.config'.
很显然,因为我没有将此文件添加到源代码管理中.主要是因为即使在开发过程中,我也需要放置实际的连接字符串用户名/密码.
Obviously, because I'm not adding this file to source control. Mainly because even during development I need to put actual connection string usernames/password.
还有哪些其他解决方案/功能可以帮助完成此方案?
What other solutions/features exist that can help accomplish this scenario?
推荐答案
简短的答案:不要在配置文件中添加机密.
Short answer: Don't put secrets in configuration files.
如果所有资源都驻留在Azure中,请使用托管服务身份,这样您就不必打扰连接字符串了.
If all your resources reside in Azure, use Managed Service Identities so that you don't need to bother with connection strings.
如果没有,请使用 ARM模板和与保管库关联的关键参数来管理您的Azure基础结构. Azure Web Apps允许您使用Web应用程序中的应用程序设置/连接字符串 覆盖配置文件.因此,只需使用密钥库来管理这些内容,然后告诉Web应用从密钥库中提取值即可.
If not, use ARM templates and key vault-linked parameters to manage your Azure infrastructure. Azure Web Apps allow you to override configuration files with app settings/connection strings within the web app. So simply use key vault to manage that stuff, and tell the web app to pull the values from key vault.
这篇关于Azure DevOps CI/CD和将连接字符串与源代码控制分开的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
