How to configure TeamCity with private files?

Question

I'm setting up TeamCity for Continuous Integration and (hopefully) Continuous Deployment. Some of the build steps will involve private files, e.g.

• .snk files for strong naming .NET assemblies
• password/token files for publishing artifacts (for example to NuGet or CodePlex)

Since these files contain private data I don't want to put them into the (publicly accessible) source control system.

I'm setting up http://teamcity.codebetter.com for AutoFixture so I don't have physical access to the server. I was hoping for a feature that would let me upload such files, but can't find anything of the kind.

What would be the most appropriate solution?

Answer 1

TeamCity supports multiple VCS roots, so you could just add an extra VCS root with these private files.

Obviously this would require that the second repository is private - but that is what you want any way. Having those files in source control is a great thing.

Answer 2

I would put the files I needed in source control but I would first encrypt them. I would then set up a parameter in the build which was the passphrase or key required to decrypt the files. The build would decrypt the files do whatever signing or publishing was needed with them and then delete them (wipe them if the system allows for such). This should be enough to keep things safe unless team city is compromised and if it is you're basically sunk anyway.

Depending on the source control tools you use it might be possible to set the files to only be visible by certain authenticated users. Perforce certainly has this capability but I've never seen anything for the more popular DVCS systems.