Best practices for private config data and connection strings in configuration in ASP.NET and Azure

A reader emailed asking how to avoid accidentally checking in passwords and other sensitive data into GitHub or source control in general. I think it's fair to say that we've all done this once or twice - it's a rite of passage for developers old and new. The simplest way to avoid checking in passwords and/or connection strings into source control is to (no joke) keep passwords and connection strings out of your source. Sounds condescending or funny, but it's not, it's true. You can't check in what doesn't exist on disk.