Encrypting configuration files

Some smartsite configuration files may contain security sensitive information like connection strings and Windows user accounts. These sections can be encrypted to avoid that they may be read by individuals who should not see this information. They can be encrypted with the ConfigEditor and with the command line tools ConfigProtect.

These tools use the configuration protection providers that are installed on your server. Normally these are installed:

  • RsaProtectedConfigurationProvider
  • DataProtectionConfigurationProvider

Example

When the Smartsite.data.config file is not encrypted, a connection string looks like this.

XML CopyCode image Copy Code
<database id="AdventureWorks">
    <connectionstring>Provider=SQLOLEDB.1;Password=secret;Persist Security Info=True;User ID=sa;Initial Catalog=AdventureWorks;Data Source=db1</connectionstring>
</database>
After using encryption, it will look like this.
XML CopyCode image Copy Code
<database id="AdventureWorks">
    <SecureConfigElement provider="RsaProtectedConfigurationProvider">
        <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
            <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
                    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
                    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                        <KeyName>Rsa Key</KeyName>
                    </KeyInfo>
                    <CipherData>
                        <CipherValue>DHCtkt39bOVhb/nztoqDn5KUUu0TqrFLshYvpsa5AMAsCRyLfndRZqOV2QZwhzGQN8hyDq4ySd05e/NdH+ZeTRXcjKzRzS5qZcymVpEwmfhOl4qUKFTDwEv2DX++0fuqqEzNu/cUkrVJTktvKAUv6OwLmHBI4FINTfXApB8T4nI=</CipherValue>
                    </CipherData>
                </EncryptedKey>
            </KeyInfo>
            <CipherData>
                <CipherValue>YtV+kpkiIixHP8mPEXelN5uj3dQn8CXP/t6Rt51+lgoZNsraAvVd4gnSsuI1AmKkB5+IPvgvz81Cs+RAL0+0VIn7mqBpPcN46h7WzT2Z9ngKwVdHlzUYlnwRJ+h3vSS/m/XkftY1v0uB0HdSs1+rkVoyyuYgCIIJrPm3lHoP88RVPmEHSfYCoiBJ9WGj5LURMvjs8qxYjAf7LsA3vu3POHYs8xJY6Bvi6X+9EsmRoNFI4fe97mHPuCsUD2pPVshT79wcPWyLG8+2jc9Cmp3+48ju+Y4h59GilHA28t0Hg/nnDn2JEJRtcDd3OMDbI2nh</CipherValue>
            </CipherData>
        </EncryptedData>
    </SecureConfigElement>
</database>