I've got a beginners question that's hopefully easy, but I can't seem to find a straightforward answer, and I can imagine there's dozens of ways to accomplish this.
I have a c# application that connects to a database using SQL authentication (so I can't use trusted AD connection) and I've got a hard-coded connection string with the password in the source code. Unfortunately, I want to commit this source code to git version control, but I do not want the password in the source code.
What's the standard way to resolve this issue? Should I create a config file that's required to be read at runtime? Is there anyway to have this compiled down into the binary so I can distribute it without end-users needing the database credentials?
you should never store passwords or other sensitive data in source code, and you shouldn't use production secrets in development and test mode.
Best Approach will be storing sensitive info in environment variables.check this link
Other option save it into external file with extension .config as iis will ignore this file also exclude this file from source tree.check this link