Hi
Is it possible to encrypt the storage connection strings in cscfg file.
I know how to encrypt web.config connection strings. I want to know if the same can be done in cscfg files
Thanks
Manu
Technology Tips and News
Hi
Is it possible to encrypt the storage connection strings in cscfg file.
I know how to encrypt web.config connection strings. I want to know if the same can be done in cscfg files
Thanks
Manu
I believe you can do it.
You could create a cetificate, encrypt the setting with the cert, upload the cert via the Windows Azure portal so your role instance can access it, and then at runtime decrypt using the same cert.
(That's pretty much the same way people achieve web.config encryption.)
Thanks
The solution you describe is manual. Is there a way to protect the strings without all this heavy lifting?
In web.config you can do that. (aspnet_regiis or system.configuration.configSection API)
Is there a way to protect the connection strings using the Infrastructure?
Manu
This codeplex project deals with encrypting web.config. Will it work on cscfg file?
Manu
Proper solution is yet to come. Azure team itself had to come up with a solution while storing Remote Desktop Credentials. What they did was to add two settings: 1 for the encrypted data and 1 for certificate thumbprint. During runtime, they use the thumbprint
to fetch certificate (which was uploaded in a secure way) to decrypt the credentials.
I've placed a feature request at Azure's Feedback website: http://feedback.azure.com/forums/34192--general-feedback/suggestions/9025255-certificate-based-settings-encryption
In my company, we decided to store settings as strings with the following pattern:
<Setting name="MySecret" value="CertThumb:5813C4...842B2|EncryptedData:QmFzZTY0IGlzIGEgZ2VuZXJpYyB0Z..." />The utility class detects "CertThumb" header and decrypts data keyed by "EncryptedData". If "CertThumb" is not present, it returns whole content of 'value' attribute.
We have a command line utility which performs back-forth encryption of .cscfg files thus inspection is a breeze.
I'll probably open source that at some point...