Crypt your config files with PowerShell

ASP.Net 2.0 comes with a convenient native support for configuration file encryption. Yet, things are still not that easy for WinForms, Console applications or Windows Services since the aspnet_regiis.exe utility only supports Web Configuration files.

My own ╬╝ISV has its share of distributed applications which involve securing a few connection strings over several machines. Securing the connection strings through encryption is not an ultimate defense (if the attacker gains executions rights on the local machine, connection strings will get disclosed anyway), but it can still save you a lot of trouble such as involuntary disclosure.


I have found a practical way to solve the issue through PowerShell (see the PowerShell team blog for regular tips), namely two functions `crypt-config anddecrypt-config. The source code comes as single PSH script contains the function definitions.

To get started, extract the PS1 file from the Zip archive, then

PS docs:> . ($directory + “\crypt-config.ps1”) ;

PS docs:>crypt-config ‘MyConsole.exe’ ‘section’;

PS docs:>decrypt-config ‘MyConsole.exe’ ‘section’;

Typically, section will be replaced by connectionStrings. Note that you do not need to add the .config at the end of the configuration file path.`

Reader Comments (1)

Notes: if you are just interested in password encryption within PowerShell, just have a look at!13469C7B7CE6E911!273.entry November 1, 2007 | joannes