
My app stores db connection strings in an XML config file that is stored under source control (svn).

When deployed in prod, my app needs to retrieve the encrypted strings and decrypt them.

The ability to perform ad-hoc encryption should be limited to the prod operations group -- nobody else should know the raw prod db connection strings. Only the encrypted prod db connection strings are checked in to source control.

The app's ability to decrypt the strings should be limited to its deployment in prod. (In dev/qa, the config file contains connection strings to non-prod dbs, and these are not encrypted.)

I am wondering if a mechanism based on public/private key certs could be adapted for this purpose?

Or what is a minimalist design?

Are libs/tools available to this end?

BaltoStar

1 Answer


For Asp.Net applications, reg_iis can encrypt portions of the web.config file for you.

aspnet_regiis -pef MySecrets .

http://odetocode.com/blogs/scott/archive/2006/01/08/encrypting-custom-configuration-sections.aspx

There's a good article on Code Project that outlines how to use that same mechanism for other types of .NET applications:

ASP.NET offers the possibility to encrypt sections in the web.config automatically. It seems it is not possible for WinForm applications to do that for the app.config. And this is true for a part: WinForms does not offer tools to configure it. But it can be done. It is all .NET. Isn't it? So how do we do it?

http://www.codeproject.com/Articles/18209/Encrypting-the-app-config-File-for-Windows-Forms-A

Eric J.
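The split the question asks for (ops encrypts, only prod can decrypt), sketched with the aspnet_regiis tool from the answer above. This is an added example, not part of the original post. The container name, provider name, paths, app-pool account and framework directory are assumptions to adapt, and the config file must be named web.config for the tool to find it.

```powershell
# Added example. All names and paths below are hypothetical placeholders.
$regiis     = Join-Path $env:WINDIR 'Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe'
$container  = 'ProdConfigKeys'              # RSA key container (assumed name)
$provider   = 'ProdRsaProvider'             # provider name declared in web.config
$appDir     = 'D:\apps\MyApp'               # folder that contains web.config
$keyFile    = 'D:\secure\ProdConfigKeys.xml'
$appAccount = 'IIS APPPOOL\MyAppPool'       # identity the app runs as in prod

# web.config must declare the provider so the runtime knows which container to use
# (match Version to the target framework):
#   <configProtectedData>
#     <providers>
#       <add name="ProdRsaProvider"
#            type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
#            keyContainerName="ProdConfigKeys" useMachineContainer="true" />
#     </providers>
#   </configProtectedData>

function Invoke-Regiis {
    # Run aspnet_regiis and stop on the first failure instead of continuing
    # with a half-configured key container.
    & $regiis @args
    if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis $($args -join ' ') failed" }
}

# --- Ops workstation (prod operations group only) ---
# 1. Create an exportable machine-level RSA key container.
Invoke-Regiis -pc $container -exp
# 2. Encrypt the connectionStrings section in place; the encrypted file is what
#    gets checked in to source control.
Invoke-Regiis -pef 'connectionStrings' $appDir -prov $provider
# 3. Export the key pair, private key included, for transfer to prod.
Invoke-Regiis -px $container $keyFile -pri

# --- Each prod server (run by ops) ---
# 4. Import the key container from the transferred file.
Invoke-Regiis -pi $container $keyFile
# 5. Let only the application's identity read the container.
Invoke-Regiis -pa $container $appAccount
# 6. Remove the transfer copy; it holds the private key in clear XML.
Remove-Item -LiteralPath $keyFile

# Ops can confirm a round trip with: Invoke-Regiis -pdf 'connectionStrings' $appDir
```

Anyone who obtains the exported key file or read access to the container on a prod server can decrypt the checked-in strings, so the file's transfer path and the `-pa` grants are the controls that matter.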