When I deploy a website to an Azure Web Apps target, in addition to the application’s files, two files are deployed which should definitely not be deployed.
The files are azure_website.pfx and Octopus.AzureContext.ps1. How can I prevent these files from being deployed? I noticed that azure_website.pfx is password-encrypted, but it still seems a security risk.
Thanks for getting in touch! I think you’re perfectly correct, these files are used by Calamari to set up the context for further PowerShell scripts to work against the Azure Subscrition. Whilst these files are required on the Octopus Server to orchestrate the deployment to Azure, they should not be deployed as part of the WebApp.
I’ve raised a GitHub Issue for this to be fixed and for you to track its progress: https://github.com/OctopusDeploy/Issues/issues/1856
Thanks for the report, and I hope that helps!