If you natively encrypt an SSIS package using Encrypt all with password (EncryptAllWithPassword), identified from MS as: “Uses a password to encrypt the whole package. The package is encrypted by using a password that the user supplies when the package is created or exported. To open the package in SSIS Designer or run the package by using the dtexec command prompt utility, the user must provide the package password. Without the password the user cannot access or run the package.” Does this mean that all data WITHIN the package is also encrypted? Or just the surrounding package and how it is trasmitted?
The reason I am asking is, I am relatively new to SSIS and my client is being extremely careful with how their data is sent over the internet. If I create an SSIS package and set the protection level to Encrypt All With Password, can I safely say that everything in that package is secure until it’s run with the proper password? Or do I need to take a different approach.
Encrypt all data with password – uses an arbitrary password provided by the package designer to encrypt entire package content, applying Triple DES cipher algorithm. The password is required in order to open, import, export, or execute the package. Since its content is obfuscated, attempting to view it directly does not provide any meaningful insight into its structure.
http://www.databasejournal.com/features/mssql/article.php/3898676/Securing-the-Content-of-SSIS-Packages.htm