I'd like a streamlined methodology behind being able to run locally (work is done on more than one machine), deploy, and commit to version control where the sensitive information up to and including (password, username, port(s), hostnames, database name) are automatically absent(or removed) and imported based on which situation is happening?
The sensitive data was listed in order of importance so while password only solutions are nice, the farther up the chain the better. The other nice to have would be that there's a dummy sample file for someone else to try out the project on their own machine with their own host by just filling in the missing parts of the dummy file.
What are my options to follow for this functionality? I thought about adding the relevant settings to the local machine.config, but then the information is saved out to the machine file instead of somewhere encrypted in my user documents file. Additionally that wouldn't lend itself very well to a local dummy file for newer programmers to plug and play.
What I'm thinking is the cleanest solution is a local .config file in the project root that isn't added to version control.
If there's a way to have it encrypted in such a way that the server machine is the only one with a key to decrypt the file (rather than the project being able to do it) that will be deployed that would be terrific. Then I could have the data stored in source control, share the source with other people interested in studying the project, without them getting the actual information needed to make breaking changes or look at private information.