I have a Windows service which runs in multiple production instances.
The configuration file for this Windows service has some secure data which requires encrypting.
Good thing – We have only values that are part of the appSettings section to be encrypted.
Bad thing – there are 3rd party black box assemblies which consume some of the secure appSettings keys, which means we cannot switch to a different configuration manager.
So, here are the limitations that are part of our problem:
- Multiple production servers, so NO machine-based encryption (I don't prefer user profile either, as that puts limitations on the service)
- App settings should be consumable using ConfigurationManager.AppSettings["Key1"] as usual, so that existing code and black box assemblies are still able to consume them.
Any ideas / suggestions / solutions?
You can use RsaProtectedConfigurationProvider as described in this article linked from the first part of Davide Piras’s answer. Not sure why he deleted the answer, as the first part seems to do exactly what you want.
The article explains how to share the key between multiple servers so that you can use the same encrypted configuration file on all servers. Though this then leaves you with the difficult-to-solve key management problem.
Are you sure you need to share the same encrypted configuration file between all production servers, and therefore use a shared key? An alternative approach is to create a key container with the same name on each production server, and encrypt the file independently on each server. This is a bit more work but goes a long way to solving the key management problem.
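One way to carry out the per-server approach from the answer above, as an added example that is not part of the original posts: a small console tool run once on each server that encrypts appSettings in place with RsaProtectedConfigurationProvider. The provider name `ServiceRsaProvider`, the container name `ServiceConfigKeys` and the tool itself are hypothetical. Values are decrypted transparently at read time, so ConfigurationManager.AppSettings["Key1"] keeps working for existing code and third-party assemblies.

```csharp
// Added example (not from the original posts). Run once per server, elevated.
// Assumes the service's .config already declares the provider (names are hypothetical):
//   <configProtectedData>
//     <providers>
//       <add name="ServiceRsaProvider"
//            type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
//            keyContainerName="ServiceConfigKeys"
//            useMachineContainer="true" />
//     </providers>
//   </configProtectedData>
// and that the key container was created locally and the service account can read it:
//   aspnet_regiis -pc "ServiceConfigKeys"        (no -exp: the private key is not exportable)
//   aspnet_regiis -pa "ServiceConfigKeys" "<service account>"
using System;
using System.Configuration;

static class ProtectAppSettings
{
    const string ProviderName = "ServiceRsaProvider"; // hypothetical; must match the config

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: ProtectAppSettings <path-to-service.exe>");
            return 2;
        }

        // Opens <service.exe>.config, the file ConfigurationManager reads at runtime.
        Configuration config = ConfigurationManager.OpenExeConfiguration(args[0]);
        ConfigurationSection section = config.GetSection("appSettings");
        if (section == null)
        {
            Console.Error.WriteLine("No appSettings section found.");
            return 1;
        }

        // Idempotent: a second run on an already protected file changes nothing.
        if (section.SectionInformation.IsProtected)
        {
            Console.WriteLine("appSettings is already encrypted; nothing to do.");
            return 0;
        }

        section.SectionInformation.ProtectSection(ProviderName);
        section.SectionInformation.ForceSave = true; // write even if values are unchanged
        config.Save(ConfigurationSaveMode.Modified);
        Console.WriteLine("appSettings encrypted with " + ProviderName);
        return 0;
    }
}
```

Because each server generates its own key, the encrypted file from one server cannot be decrypted on another; deploy the plaintext config through a restricted channel and run the tool as the last deployment step.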