I use Publish (Web Deploy) to deploy MVC and Web API apps to Azure Web Services. When I do this, a .pubxml
file is created and stored in source control but the passwords (understandably) are not in that file.
Now imagine I have 5 developers but I only want 2 of them being able to do deployments. We're good so far for me and the 3 developers that shouldn't be able to do a deployment. But what about that other deployer? Or what if I want to deploy from a second workstation as well (or have to wipe my main workstation)? How am I supposed to restore the deployment passwords for my other machine or allow the other deployer to restore it for himself?
I'm sure going to the Azure Portal to pull down the Publish Profile is part of the solution but what's the rest of the story to do this in a best practices sort of way?
UPDATE: I do not wish to change my deployment process away from publishing from Visual Studio. This is for prototyping applications and I'm not going to invest in scripting out build automation until we have something with much less churn and something we won't be throwing away. But I still will not be putting Azure publish credentials into source control. Microsoft has a vision for how this can be done - that is what I'm looking for.
Side note: I have a Jenkins build server that pushes a suite of 14 applications to 37 different servers in Azure (Cloud Services, App Services, VMs, and more). I get it. But it's not the right solution for this.
The answer to the originally-posted question is this:
userPWD
field.These steps will possibly make a change to your pubxml file but it may not. The password is not stored in that file but elsewhere that usually stays out of source control if Visual Studio is managing it. However, I recommend you take the important added step to perform a diff on everything you're committing to source control to make sure this publishing password is not accidentally committed!