I deploy my code to GitHub most of the time. As I can't really afford / be bothered to pay for a GitHub premium account, this means I am forced to make all of my repositories public. Now this presents a problem; I have connection strings with sensitive information such as passwords and IP addresses that I do not necessarily want to be shouting from the roof-tops. So how do we deploy a `Web.config` file using the normal Deployment from Source Control option in Azure but avoid exposing sensitive information? There are many solutions to this problem; one solution is to purely use the Azure Configuration section to store sensitive data and access that data using the CloudConfigurationManager class. However, in some circumstances, this is not appropriate - for instance if you want to refer to a local database or a multitude of other reasons I can't think of right now!

The cleanest solution I have found is this: First you should insert a "dummy" entry into your local "main" web.config file that looks something like the below:

<connectionStrings>
<add name="MainConnection" connectionString="" />
</connectionStrings>

Note that the `connectionString` value is purposefully left blank. Now inside of the Windows Azure Web App configuration page, navigate to the "Configure" tab and scroll down to the Connection Strings section and add in a new entry with the same name as the value in your "physical" Web.config.

When the build process is triggered (through continuous deployment from source control), the blank connectionString value in your Web.config file will automatically be replaced with the sensitive information from the Azure configuration page. This is clean and simple to organize & understand and saves you committing sensitive data to your publicly viewable GitHub repository. Finally for local development, when you need to access the contents of this connection string you would either use the CloudConfigurationManager class or alternatively create a separate development web.config file that you exclude from git in your `.gitignore` file where you keep the sensitive data for local testing purposes only.