Something I need to point out here is that this technique will also work for web.config files. If you need to remove sensitive information from your configuration file, move it to another file so that it doesn't get included in your source control check-in or deployment.