A script to mask connection string passwords in ASP.NET Web.config files before they are committed to a git repo
Python Shell XSLT
Fetching latest commit…
Cannot retrieve the latest commit at this time.


This project provides a pre-commit git hook that strips connection string passwords from ASP.NET Web.config files, helping to ensure that database passwords are not committed to a git repository by mistake.

The Bash pre-commit script was written for portability. It correctly works with git on Linux as well as Git for Windows.


General setup

The Bash script requires a Java Runtime Environment as it uses the Saxon-HE XSLT 2.0 processor. It should work with any Java 6-compatible RE, but I have only tested it with Oracle JRE 1.6.0_22-b04 and OpenJDK VM build 16.0-b13 with IcedTea6 1.8.3.

The java binary must be in the executable path.

Per-repository setup

Each git repository contains, in its .git directory, a subdirectory named hooks.

For each git repository with which you wish to use the pre-commit script, you need to download pre-commit, saxon9he.jar, and strip_connection_string_passwords.xsl into .git/hooks. Unix/Linux users must also ensure that the pre-commit file is executable.


The pre-commit script, XSL stylesheet, and test files are licensed under the terms of the GNU General Public License version 3 or any later version.

Saxon-HE is licensed under the terms of the Mozilla Public License version 1.0 with contributions under other terms. See COPYING.Saxon-HE for details.