ConfigProtect command line utility

ConfigProtect is a command line utility that gives sytem administrators the ability to encrypt and decrypt parts the smartsite configuration files. In some of the configuration files there is some security sensitive data that you might not want to be readable.


ConfigProtect allows you to perform the following operations:

Command Explanation
/decrypt Decrypts the given configuration file. All encrypted sections are automatically decrypted.
/encrypt Encrypts the given configuration file. If no xpath parameter is specified, ConfigProtect will encrypt the database connection strings (in and the windows user accounts (in Nothing will be encrypted is these sections are not found in the given configuration file. If the xpath parameter is specified, the xml elements selected by the xpath query will be encrypted.
/provider:[name] The given provider will be used for encrypting the configuration file.
/providers Shows a list of the installed providers.
/xpath:[name] When specified, the xml elements selected by this xpath query will be encrypted. Use 'sc:' as the namespace prefix.

To encrypt the connection strings in the file, all you need to do is

ConfigProtect /encrypt

To encrypt the element 'databases' in the file, do this

ConfigProtect.exe /encrypt /xpath:/sc:configuration/


Usually two providers are installed on a computer, the

  • RsaProtectedConfigurationProvider (usually the default)
  • DataProtectionConfigurationProvider

The most important difference is that configuration files encrypted the DataProtectionConfigurationProvider can only be decrypted on the same machine on which it was encrypted. The RsaProtectedConfigurationProvider on the other hand, has a key in a key container that can be exported and copied to another machine. This makes it possible to have multiple servers using the same encryption key.


You cannot encrypt the following files or sections:

  • Within the file Smartsite.config
    • schemaSettings section
    • localization section
  • Smartsite.ImageProcessor.config
  • Smartsite.Pdf.config