ConfigProtect command line utility

Release 1.0 - ...

ConfigProtect is a command line utility that gives system administrators the ability to encrypt and decrypt parts of the Smartsite configuration files. Some of the configuration files contain security-sensitive data that you might not want to be readable.

Commands

ConfigProtect allows you to perform the following operations:

Command           Explanation
/decrypt          Decrypts the given configuration file. All encrypted sections are automatically decrypted.
/encrypt          Encrypts the given configuration file. If no xpath parameter is specified, ConfigProtect will encrypt the database connection strings (in Smartsite.data.config) and the Windows user accounts (in Smartsite.security.config). Nothing will be encrypted if these sections are not found in the given configuration file. If the xpath parameter is specified, the XML elements selected by the XPath query will be encrypted.
/provider:[name]  The given provider will be used for encrypting the configuration file.
/providers        Shows a list of the installed providers.
/xpath:[name]     When specified, the XML elements selected by this XPath query will be encrypted. Use 'sc:' as the namespace prefix.

To encrypt the connection strings in the Smartsite.data.config file, all you need to do is run:

ConfigProtect /encrypt Smartsite.data.config

To encrypt the element 'databases' in the Smartsite.data.config file, run:

ConfigProtect.exe /encrypt /xpath:/sc:configuration/sc:smartsite.data/sc:databases Smartsite.data.config

Providers

Usually two providers are installed on a computer:

  • RsaProtectedConfigurationProvider (usually the default)
  • DataProtectionConfigurationProvider

The most important difference is that configuration files encrypted with the DataProtectionConfigurationProvider can only be decrypted on the same machine on which they were encrypted. The RsaProtectedConfigurationProvider, on the other hand, has a key in a key container that can be exported and copied to another machine. This makes it possible to have multiple servers using the same encryption key.
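
One way to carry out the key export described above is with the .NET Framework tool aspnet_regiis, which manages the RSA key containers used by RsaProtectedConfigurationProvider. This is an added example, not part of the ConfigProtect documentation; the tool path, the container name (the .NET default, NetFrameworkConfigurationKey), the key file path and the service account are assumptions to adjust for your installation, and the export only succeeds if the container was created as exportable.

```powershell
# Added example, not from the ConfigProtect documentation.
# Assumptions: .NET 4.x 64-bit tool path, the default RSA key container name,
# a hypothetical key file location, and NETWORK SERVICE as the site's account.
$regiis    = "$env:WINDIR\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"
$container = 'NetFrameworkConfigurationKey'
$keyFile   = 'C:\Temp\smartsite-rsa-key.xml'

function Export-ConfigKey {
    # Run on the server where the configuration files were encrypted.
    # -pri includes the private key, which is required for decryption elsewhere.
    & $regiis -px $container $keyFile -pri
    if (-not (Test-Path -Path $keyFile)) {
        throw "No key file written; the container may not be exportable."
    }
    # Keep the exported key readable by administrators only while it exists.
    icacls $keyFile /inheritance:r /grant:r 'BUILTIN\Administrators:F' | Out-Null
    Write-Host "Copy $keyFile to the other server over a protected channel, then delete it here."
}

function Import-ConfigKey {
    # Run on the second server after the key file has been copied to $keyFile.
    if (-not (Test-Path -Path $keyFile)) { throw "Key file $keyFile not found." }
    & $regiis -pi $container $keyFile

    # Allow the account that runs the site to read the key container.
    & $regiis -pa $container 'NT AUTHORITY\NETWORK SERVICE'

    # The file holds the private key in clear text: remove it once imported.
    Remove-Item -Path $keyFile -Force
}
```

Call Export-ConfigKey on the source server and Import-ConfigKey on the target from an elevated PowerShell session, and delete the exported file on the source server once the copy is complete.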

Limitations

You cannot encrypt the following files or sections:

  • Within the file Smartsite.config
    • schemaSettings section
    • localization section
  • Smartsite.ImageProcessor.config
  • Smartsite.Pdf.config