Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add appsettings.secrets.json to .gitignore in templates #16625

Closed
1 task done
maskalek opened this issue May 22, 2023 · 5 comments
Closed
1 task done

Add appsettings.secrets.json to .gitignore in templates #16625

maskalek opened this issue May 22, 2023 · 5 comments

Comments

@maskalek
Copy link

maskalek commented May 22, 2023
edited

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

At this moment, templates (checked application and microservice template) don't have appsettings.secrets.json in .gitignore. As a result, secrets are committed in the repo.

Describe the solution you'd like

I believe we should not store any secrets in repositories. Could you please add appsettings.secrets.json into .gitignore by default for all templates?

Additional context

Would be nice to know the context behind and why it is not by default like that.
@realLiangshiwei
Copy link
Member

Hi,

This file is used for license codes for commercial templates.

ABP CLI dynamically creates the appsettings.secrets.json file; we can enhance the CLI to prevent this file from being generated for open-source templates.

@realLiangshiwei realLiangshiwei self-assigned this May 23, 2023
@realLiangshiwei realLiangshiwei added this to the 7.3-preview milestone May 23, 2023
@maskalek
Copy link
Author

Hi, thank you for the response. Ok, you are right. It is generated automatically but it has even more sense to gitignore it. Dont you think so? Because I have the license and every time I start a new project this file goes directly into the repo that doesn't sound safe (even if my repos are private).

@realLiangshiwei
Copy link
Member

realLiangshiwei commented May 23, 2023
edited

Hi,

We won't add it to gitignore, when you work with a team, other developers can't even run the project without it.

@realLiangshiwei realLiangshiwei removed their assignment May 23, 2023
@realLiangshiwei realLiangshiwei removed this from the 7.3-preview milestone May 23, 2023
@realLiangshiwei
Copy link
Member

After my check, this is by design, even for open-source templates.

@maskalek
Copy link
Author

maskalek commented May 23, 2023
edited

Hi,

We won't add it to gitignore, when you work with a team, other developers can't even run the project without it.

yes, that is clear. Don't you think every developer should generate it by themselves or share via some password keepers?
Without other secrets(passwords, connections string, etc) you also can't run the project , but we still don't want to commit anything to the repo and have it in user secrets instead.

btw your main repo ignores this file https://github.com/abpframework/abp/blob/dev/.gitignore. Interesting that you don't want to have it in template by default

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@maskalek @realLiangshiwei