Anders G. Nordby

Senior Systems Consultant at CGI

Encrypting config files

In the solution I’m currently working on, we have several websites (up to four on each server), and I thought it would be a good idea to make the encryption of config settings as easy as possible.

First, if you don’t have an RSA key container, you should go ahead and create one:

cd %windir%\Microsoft.NET\Framework\v4.0.30319
aspnet_regiis -pc "RsaKeys"
aspnet_regiis -pa "RsaKeys" "{the-user-your-site-is-running-as}"

Next, I created this bat-file:

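@echo off
rem Usage: encrypt <siteId> [<siteId> ...]  (up to four IIS site IDs)
rem -pe without -prov uses the default protected-configuration provider.
rem /d also switches drive, so the script works when started from another drive.
cd /d "%windir%\Microsoft.NET\Framework\v4.0.30319"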

if %1.==. GOTO :END
set "findid1=id:%1,"
echo ------------------------------------------ 
%windir%\System32\inetsrv\appcmd list site | find "%findid1%"
echo ------------------------------------------ 

echo -- Encrypting connectionStrings
aspnet_regiis -pe "connectionStrings" -app "/" -site "%1"
echo -- Encrypting appSettings
aspnet_regiis -pe "appSettings" -app "/" -site "%1"
echo -- Encrypting machineKey
aspnet_regiis -pe "system.web/machineKey" -app "/" -site "%1"
echo ------------------------------------------ 


if %2.==. GOTO :END
set "findid2=id:%2,"
echo ------------------------------------------ 
%windir%\System32\inetsrv\appcmd list site | find "%findid2%"
echo ------------------------------------------ 

echo -- Encrypting connectionStrings
aspnet_regiis -pe "connectionStrings" -app "/" -site "%2"
echo -- Encrypting appSettings
aspnet_regiis -pe "appSettings" -app "/" -site "%2"
echo -- Encrypting machineKey
aspnet_regiis -pe "system.web/machineKey" -app "/" -site "%2"
echo ------------------------------------------ 


if %3.==. GOTO :END
set "findid3=id:%3,"
echo ------------------------------------------ 
%windir%\System32\inetsrv\appcmd list site | find "%findid3%"
echo ------------------------------------------ 

echo -- Encrypting connectionStrings
aspnet_regiis -pe "connectionStrings" -app "/" -site "%3"
echo -- Encrypting appSettings
aspnet_regiis -pe "appSettings" -app "/" -site "%3"
echo -- Encrypting machineKey
aspnet_regiis -pe "system.web/machineKey" -app "/" -site "%3"
echo ------------------------------------------ 


if %4.==. GOTO :END
set "findid4=id:%4,"
echo ------------------------------------------ 
%windir%\System32\inetsrv\appcmd list site | find "%findid4%"
echo ------------------------------------------ 

echo -- Encrypting connectionStrings
aspnet_regiis -pe "connectionStrings" -app "/" -site "%4"
echo -- Encrypting appSettings
aspnet_regiis -pe "appSettings" -app "/" -site "%4"
echo -- Encrypting machineKey
aspnet_regiis -pe "system.web/machineKey" -app "/" -site "%4"
echo ------------------------------------------ 

:END
echo Done!

Now, as part of my deploy routine, I can for example run this command:

encrypt 1 2 3 4

The script prints the matching appcmd entry for each site ID before encrypting it, so I can see which sites were encrypted.
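A check that could follow the encrypt step in a deploy routine, as an added example that is not part of the original post: it reads a web.config and reports whether each of the three sections is actually protected. The function name Get-SectionProtection and the sample XML are constructed for illustration.

```powershell
# Added example: report which web.config sections are still plaintext.
function Get-SectionProtection {
    param(
        [Parameter(Mandatory)] [xml] $Config,
        # machineKey lives under <system.web>, hence the path form
        [string[]] $SectionPath = @('connectionStrings', 'appSettings', 'system.web/machineKey')
    )
    foreach ($path in $SectionPath) {
        # Assumes <configuration> carries no xmlns (the usual case for web.config)
        $node = $Config.SelectSingleNode("/configuration/$path")
        $provider = $null
        if ($null -eq $node) {
            $state = 'Missing'
        } else {
            $provider = $node.GetAttribute('configProtectionProvider')
            # EncryptedData is in the xmlenc namespace, so match on LocalName
            $cipher = @($node.ChildNodes | Where-Object { $_.LocalName -eq 'EncryptedData' })
            $state = if ($provider -and $cipher.Count -gt 0) { 'Encrypted' } else { 'Plaintext' }
        }
        [pscustomobject]@{ Section = $path; State = $state; Provider = $provider }
    }
}

# Constructed sample: connectionStrings protected, appSettings not, no machineKey
$sample = [xml]@'
<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <appSettings>
    <add key="ApiKey" value="constructed-sample-value" />
  </appSettings>
  <system.web />
</configuration>
'@

$report = @(Get-SectionProtection -Config $sample)
$report | Format-Table -AutoSize
if ($report.State -contains 'Plaintext') {
    Write-Warning 'At least one section is still stored in plaintext.'
}
```

For a real site, load the file with `[xml](Get-Content <path-to-web.config>)` in place of the sample.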

A few links I found helpful: