We are looking at pushing more application configuration management into Octopus. With Service Fabric, you can specify config overrides in a publish profile file which will customize the application settings on deploy. My questions are, it appears that those publish profiles have to be in the package when deploying to service fabric for Octopus. Are you expecting that our build system to bring in the config for all environments and package that? My concern surrounds having potentially sensitive production configuration settings checked in or accessible to the CI environment. Can octopus pull those publish profile settings from elsewhere? What is your best practice regarding this?
Thanks for getting in touch.
We recommend using variable substitution with configuration transforms in your publish profile (and any other application xml files for Service Fabric application packages). So you’d setup these variables in your Octopus project and reference them via the variable substitution syntax, and they’d be replaced during the deployment to your given environment(s).
This way your sensitive configuration data is safe and secure in your deployment pipeline, and not embedded in your source control / nothing your build system.
You can see an example of variables being used in the Version Automation documentation for Service Fabric.
Hope this helps.