Should I add my Metro app's TemporaryKey.pfx file to version control?

Question

I've created a Metro-style C#/XAML application, and now I'm trying to add it to version control (Git and, later, GitHub). That means figuring out which files belong in version control and which don't.

When I created my Metro project, Visual Studio added a file to it called ProjectName_TemporaryKey.pfx. From what I've read, .pfx files apparently have something to do with code signing or certificates or something like that. I haven't found anything yet that explains exactly what they mean in the context of Metro-style apps, or how you're supposed to manage them.

I'm planning to push my code to GitHub (in a public repository). Longer-term, I plan to put my app in the Windows store. If the .pfx file is required to build the project, then I'd better check it in. If it contains a digital identity that identifies me as the app's author, and publishing it would let anyone on the Internet push new versions of my app to the Windows store without my knowledge, then I'd better not check it in.

So my question is, is there anything secret in the TemporaryKey.pfx file? Should I check it into my public repository, or should I leave it out of source control? (And what would break if I didn't put it into source control, but then wanted to check out my code on another computer?)

Answer 1

The .pfx is used at the temporary code certificate to sign your app for deployment to your machine so you can debug. You can remove it, but a new temporary key will need to be generated (via the Packaging tab in the package.appxmanifest dialog). I always leave it in the code I post since it is easier on the person using the code (i.e., no error messages). If you look at some other WinRT source projects (MVVMLight, for example) they also include the .pfx for convenience.

If I understand things correctly, the temp .pfx is replaced during the Store submission process so you do not need to worry about the temp .pfx being used by someone else.