Encryption
Is there a good way to encrypt/decrypt sensitive configuration sections in the web.config file? I was thinking of trying to have the Aspnet_regiis.exe command run as a pre-build event, but I'm not quite sure what it would take to get that set up. Is there some documentation on how to do this, or is there some other simpler approach?
FYI, I'm referencing this article from MSDN: http://msdn.microsoft.com/en-us/library/zhhddkxy.aspx
Discussions are closed to public comments.
If you need help with AppHarbor please
start a new discussion.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by rune on 12 Feb, 2011 08:11 AM
Hi Gregory,
That's an interesting question. Currently you couldn't really benefit from the aspnet_regiis tool because it'll use the local machine's key to encrypt the data. As the build servers are running separately from the web servers, this would cause the web servers that the site is running on be unable to decrypt the web config file.
As I understand it, you'll have to provide your own RSA key, so that we could distribute that to the web servers that your app is running on. We haven't implemented such a feature, but it could probably be nice to support something like that somehow - feel free to add config file encryption to our feedback page on appharbor.com/feedback !
Any specific reason you want to encrypt your web.config?
Best regards,
Rune
rune closed this discussion on 12 Feb, 2011 08:11 AM.