Skip to content
This repository


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

A script to mask connection string passwords in ASP.NET Web.config files before they are committed to a git repo

branch: master

Fetching latest commit…


Cannot retrieve the latest commit at this time

Octocat-spinner-32 git-hooks
Octocat-spinner-32 src
Octocat-spinner-32 test_src
Octocat-spinner-32 .gitattributes
Octocat-spinner-32 COPYING
Octocat-spinner-32 COPYING.Saxon-HE
Octocat-spinner-32 saxon9he.jar

This project provides a pre-commit git hook that strips connection string passwords from ASP.NET Web.config files, helping to ensure that database passwords are not committed to a git repository by mistake.

The Bash pre-commit script was written for portability. It correctly works with git on Linux as well as Git for Windows.


General setup

The Bash script requires a Java Runtime Environment as it uses the Saxon-HE XSLT 2.0 processor. It should work with any Java 6-compatible RE, but I have only tested it with Oracle JRE 1.6.0_22-b04 and OpenJDK VM build 16.0-b13 with IcedTea6 1.8.3.

The java binary must be in the executable path.

Per-repository setup

Each git repository contains, in its .git directory, a subdirectory named hooks.

For each git repository with which you wish to use the pre-commit script, you need to download pre-commit, saxon9he.jar, and strip_connection_string_passwords.xsl into .git/hooks. Unix/Linux users must also ensure that the pre-commit file is executable.


The pre-commit script, XSL stylesheet, and test files are licensed under the terms of the GNU General Public License version 3 or any later version.

Saxon-HE is licensed under the terms of the Mozilla Public License version 1.0 with contributions under other terms. See COPYING.Saxon-HE for details.

Something went wrong with that request. Please try again.