Replacing web.config settings from DevOps variables when using Deployment API

Nat
Nat
Vote:
 

I cant find any information for updating web.config settings when using the deployment API. so updating the sendgrid api username/password for instance.

I was doing this using the paramters.xml and a replace token task when using web deploy. 

Can someone point me in the right direction for getting this setup when using the deployment api please, as this is deploying a nupkg which his basically a zip, and there doesnt seem to be the paramters.xml/setparameters.xml when using this method.

Do i in fact need to update the config as part of the package creation instead?

thanks

#256567
Edited, Jun 14, 2021 10:28
Vote:
 

Hi,

When you're deploying using the deployment API, the config transforms for your target environment will be run so, if you replace your values in the transforms (e.g. web.integration.config) rather than directly in web.config before building your package, the correct values should be applied when the package is deployed.

#256578
Jun 14, 2021 13:49
Vote:
 

As Paul said above you want the config transforms in the package you push. They will be applied against the root web.config, you can see the structure of the config files as shown here https://world.episerver.com/documentation/developer-guides/digital-experience-platform/deploying/episerver-digital-experience-cloud-deployment-api/deploy-using-code-packages/code-packages/ 

So the steps should be

  1. Create web.config transforms in solution for Integration, Preprproduction and Production
  2. Build in Azure Devops, with the website in the wwwroot primary folder of the generated package and make sure the transforms for the web.config (and any other .config files) are included.
  3. Push the package to Episerver (using Epinova addon or Powershell)
  4. Deploy to target environment. Selected environment will tranform the correct config against the base .config file as part of the process
#256581
Edited, Jun 14, 2021 14:37
Nat
Vote:
 

Thanks for the replies,

its not the transforms as much as the replacement of secrets that are not in the code, which in the old process were done as part of the 'release' process. But seems when using the deployment API these secret replacements need to happen as part of the 'pipeline' (build) instead. Which I guess means the package has the secrets already in the web.config (or transforms files), rather than them being applied on deployment to the app service.

Just wanted to make sure there was no way to do this as part of the release when using the Deployment API - which seems a 'safer' place to do it.. although only marginally I suppose.

thanks

#256582
Jun 14, 2021 14:46
Vote:
 

No there's no way of doing that in the deployment API. There 4 ways you can do this in normal application would be

  1. Store in repo
  2. Store in Azure Devops
  3. Store on the Web App configuration
  4. Use Azure Keyvault https://docs.microsoft.com/en-us/azure/key-vault/ 

You are unlikely to be able to use 3 as Episerver don't usually allow you to change settings on the web app. Azure keyvault is very popular for credential storage now. But if you don't want to use that the best place would be Azure Devops as you said, they would then as stated go in to the nuget package so if someone had access they would get it.

#256583
Edited, Jun 14, 2021 14:54
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.