I have a C# application that comes with an app.config file. The application is built on a build server and deployed to multiple users.
I’d like to encrypt the app.config, but I’m not sure about when to do so: If I do it straight after the build, won’t the encryption depend on the build server credentials? How can the application decrypt on other machines? If I do the encryption on the user’s machine, won’t this leave time when the app.config is unprotected?
Thanks
Edit:
I was considering using DPAPI. It uses the user’s credentials to encrypt and decrypt. This is why I think I might have a problem delivering an encrypted file to the users.
I just read the addition to your post, and I don’t think you actually need encryption at all…
You say that you intended to use a system that would encrypt/decrypt based on the user’s credentials. That means two things:
Either way, you don’t need to encrypt the file to protect it… you simply need to store the login info, or other config info, as user settings, rather than configuration, which is readable to all users.
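The following C# sketch is an added example, not part of the original question or answer. It keeps a secret in the current user's profile and protects it with DPAPI on that user's machine, which also shows why a blob encrypted under the build server account cannot be decrypted elsewhere. The `MyApp` folder, the `login.bin` file name and the `UserSecretStore` class are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography; // ProtectedData (System.Security.dll on .NET Framework)
using System.Text;

static class UserSecretStore
{
    // Hypothetical per-user location, instead of the shared app.config beside the .exe.
    static readonly string StorePath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "MyApp", "login.bin");

    // DPAPI binds the blob to the logged-on Windows user on this machine.
    public static void Save(string secret)
    {
        byte[] blob = ProtectedData.Protect(
            Encoding.UTF8.GetBytes(secret), null, DataProtectionScope.CurrentUser);
        Directory.CreateDirectory(Path.GetDirectoryName(StorePath));
        File.WriteAllBytes(StorePath, blob);
    }

    // Returns null when nothing is stored or the blob cannot be decrypted by this user.
    public static string Load()
    {
        if (!File.Exists(StorePath)) return null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(
                File.ReadAllBytes(StorePath), null, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException)
        {
            return null; // e.g. a blob that was produced under the build server account
        }
    }
}

static class Program
{
    static void Main()
    {
        // First run on the user's machine: ask once, then store only the protected blob.
        if (UserSecretStore.Load() == null)
        {
            Console.Write("Password: ");
            UserSecretStore.Save(Console.ReadLine());
        }
        Console.WriteLine("Secret available for " + Environment.UserName);
    }
}
```

Because the value is entered and protected on the user's machine, no plaintext copy has to ship in the build output.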