But storing sensitive data like password in config files is also not recommended as your files will normally go to a third-party source control system. Best thing to do is to have them stored as secrets in an Azure Vault for instance and your pipeline will then read those values and put them in your config files during deployment.