How do I restore passwords associated with Publish Profiles?


I use Publish (Web Deploy) to deploy MVC and Web API apps to Azure Web Services. When I do this, a .pubxml file is created and stored in source control but the passwords (understandably) are not in that file.

Now imagine I have 5 developers but I only want 2 of them being able to do deployments. We're good so far for me and the 3 developers that shouldn't be able to do a deployment. But what about that other deployer? Or what if I want to deploy from a second workstation as well (or have to wipe my main workstation)? How am I supposed to restore the deployment passwords for my other machine or allow the other deployer to restore it for himself?

I'm sure going to the Azure Portal to pull down the Publish Profile is part of the solution but what's the rest of the story to do this in a best practices sort of way?

UPDATE: I do not wish to change my deployment process away from publishing from Visual Studio. This is for prototyping applications and I'm not going to invest in scripting out build automation until we have something with much less churn and something we won't be throwing away. But I still will not be putting Azure publish credentials into source control. Microsoft has a vision for how this can be done - that is what I'm looking for.

Side note: I have a Jenkins build server that pushes a suite of 14 applications to 37 different servers in Azure (Cloud Services, App Services, VMs, and more). I get it. But it's not the right solution for this.


There are 2 best solutions below

1
On BEST ANSWER

The answer to the originally-posted question is this:

  1. Go to the Azure portal and download the Publish Profiles for all of your apps that you need to do this for. You can currently do this via the modern Portal by selecting App Services -> [select appropriate app service] -> Overview -> "... More" (at the top) -> Get publish profile.
  2. In Visual Studio, pull up the Publish dialog for your application.
  3. Select the Publish profile you wish to update (if you have more than one, you'll have to follow these steps for each one).
  4. Click the Back button until you see the blank Password textbox.
  5. Open the appropriate Publish Profile XML file you downloaded in Step 1 and copy the password out of there from the userPWD field.
  6. Paste that password into the textbox in Step 4.

Image of the Password textbox in the Publish dialog

  7. Uncheck and recheck the "Save password" box (I found that it sometimes wouldn't truly save unless I did this but sometimes it did - never had a problem once I performed this step).
  8. Validate Connection. If this succeeds, you should probably be good.
  9. Click Next through to the end but as an added test, perform the Preview just to make sure everything is still good.

These steps may or may not make a change to your pubxml file. The password is not stored in that file but elsewhere, in a location that usually stays out of source control if Visual Studio is managing it. However, I recommend you take the important added step of performing a diff on everything you're committing to source control to make sure this publishing password is not accidentally committed!
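The diff check recommended at the end of the answer above can be automated. This is an added example, not part of the original answer: it reads the userPWD values from a downloaded publish profile and flags lines being added in a staged diff that carry a userPWD value or one of those passwords. The sample profile, sample diff, file names and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a downloaded publish profile; the password is made up.
SAMPLE_PROFILE = """<publishData>
  <publishProfile profileName="demo - Web Deploy" publishMethod="MSDeploy"
      userName="$demo" userPWD="CONSTRUCTEDpw0123456789" />
</publishData>"""

# Constructed `git diff --cached` output with two leaks and harmless lines.
SAMPLE_DIFF = """diff --git a/Web/demo.PublishSettings b/Web/demo.PublishSettings
--- /dev/null
+++ b/Web/demo.PublishSettings
@@ -0,0 +1,2 @@
+<publishProfile userName="$demo" userPWD="CONSTRUCTEDpw0123456789" />
+<!-- downloaded from the portal -->
diff --git a/notes.txt b/notes.txt
--- a/notes.txt
+++ b/notes.txt
@@ -1,1 +1,2 @@
-<publishProfile userPWD="old-value-being-removed" />
+deploy password: CONSTRUCTEDpw0123456789
+<publishProfile userPWD="" />"""

USERPWD_ATTR = re.compile(r'userPWD\s*=\s*"[^"]+"', re.IGNORECASE)

def profile_passwords(profile_xml):
    """Return the non-empty userPWD values from a downloaded publish profile."""
    root = ET.fromstring(profile_xml)
    return {p.get("userPWD") for p in root.iter("publishProfile") if p.get("userPWD")}

def find_leaks(diff_text, secrets=()):
    """Return (diff_line_number, reason) for each added line that leaks a password."""
    findings = []
    for n, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++ "):
            continue  # only lines being added to the repository matter
        if USERPWD_ATTR.search(line):
            findings.append((n, "userPWD attribute with a value"))
        elif any(s in line for s in secrets):
            findings.append((n, "known publish password"))
    return findings

if __name__ == "__main__":
    # Real use: feed `git diff --cached` and a downloaded profile instead of the samples.
    for n, reason in find_leaks(SAMPLE_DIFF, profile_passwords(SAMPLE_PROFILE)):
        print(f"diff line {n}: {reason}")  # report the location, never the secret
```

The check reports only the diff line and the reason, so its own output can be pasted into a ticket or chat without exposing the password.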

1
On

The correct solution would be to stop publishing from Visual Studio. Create a small release pipeline in an appropriate tool (like TFS RM, VSO or Octopus Deploy) to deploy your application.

In your .pubxml file you will then enter a bogus password and you will use your continuous deployment pipeline to insert the correct value just in time before deploy. All solutions I mentioned above have detailed access control and the possibility to enter values for substitution that cannot be returned.