API - Encrypting ConnectionStrings

Overview

For additional protection against breach of sensitive data, customers may wish to encrypt the database connection information contained within the Issuetrak API’s web.config file. For the encryption process, a tool provided by Microsoft is used, aspnet_regiis.

Full documentation for the aspnet_regiis tool can be found at:
https://msdn.microsoft.com/en-us/library/k6h9cz8h%28v=vs.140%29.aspx

The following batch file can be used to encrypt the “connectionStrings” section of the Issuetrak.API web.config file; however, please note that the version of the batch file that is employed depends on the processor architecture of the operating system. Also, the encryption process must be run on each web server on which the API is deployed.

Before encrypting the “connectionStrings” section of the web.config, ensure that a backup of the web.config file has been made and that appropriate administrative approval to execute the aspnet_regiis utility has been granted.

32-BIT CONNECTIONSTRINGS SECTION ENCRYPTION BATCH FILE:


SET ASPNET_REGIIS_PATH=%WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

SET API_APPLICATION_NAME=Issuetrak.API

:: Encrypt the "connectionString" section within the web.config file.

"%ASPNET_REGIIS_PATH%" -pe "connectionStrings" -site "%API_APPLICATION_NAME%" -app "/" -prov "DataProtectionConfigurationProvider"

64-BIT CONNECTIONSTRINGS SECTION ENCRYPTION BATCH FILE:


SET ASPNET_REGIIS_PATH=%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe

SET API_APPLICATION_NAME=Issuetrak.API

:: Encrypt the "connectionString" section within the web.config file.

"%ASPNET_REGIIS_PATH%" -pe "connectionStrings" -site "%API_APPLICATION_NAME%" -app "/" -prov "DataProtectionConfigurationProvider"

32-BIT CONNECTIONSTRINGS SECTION DECRYPTION BATCH FILE:


SET ASPNET_REGIIS_PATH=%WINDIR%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe

SET API_APPLICATION_NAME=Issuetrak.API

:: Encrypt the "connectionString" section within the web.config file.

"%ASPNET_REGIIS_PATH%" –pd "connectionStrings" -site "%API_APPLICATION_NAME%" -app "/"

64-BIT CONNECTIONSTRINGS SECTION DECRYPTION BATCH FILE:


SET ASPNET_REGIIS_PATH=%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe

SET API_APPLICATION_NAME=Issuetrak.API

:: Encrypt the "connectionString" section within the web.config file.

"%ASPNET_REGIIS_PATH%" –pd "connectionStrings" -site "%API_APPLICATION_NAME%" -app "/"