At the moment I'm running Visual Studio Team Services with a private code repository containing my project. I've got continuous integration set-up which grabs new code, builds it, runs unit tests and then published everything onto an Azure website. Works great.
Now the time is ripe to go open source with the code. I want to move everything over to GitHub, but still use the VS Team Services for build, test and deploy. I was tidying up stuff I don't want in the public repo (appsettings, connection string). For the webapp itself it's rather simple, all of the 'private' stuff I've moved to the Azure portal and removed from the web.config. Settings are overwritten automatically and I can check-in a web.config which doesn't contain any sensitive data.
But then I came to my unit test project. Hmmm, now what? I don't want to check in my settings file as it is now, but the tests rely on those settings. So what's good practice to make sure the tests can run without exposing my settings in a public repo?
Apologies beforehand as this question probably has been answered already, but I could find anything that really describes this particular problem.
You can check in a web.config file without any sensitive data and then use Replace Tokens task to populate the web.config file with valid information during the build. The string used to populate the web.config file is stored in the build definition variables, so it won't be available for public people.