Store encrypted AppSettings and ConnectionStrings in a database

Do you have connectionStrings and appSettings with potentially sensitive data spread all over your network in various web.configs?

Do you worry about your database userids and passwords saved in source control?

I set out to solve this problem and created DBConfigurationManager. It is available as a NUGET package :

DBConfigurationManager allows you to store your appSettings and ConnectionStrings in a database table. There is nothing you need to do in the code. You continue using

ConfigurationManager.AppSettings[“”] and ConfigurationManager.ConnectionStrings[“”]

When you install the package, it gives you the TABLE script you need to hold the configuration information.


as well as adds a connectionString to your web.config to point to the configuration datastore.


It is a great way to centralize your appSettings and ConnectionStrings. If you are worried about security, you could easily use SSPI and connect to the configuration database using the AppPoolIdentity or Service Account you are running your website under.

New in Version

  • Ability to encrypt your settings in the database.
  • You can either use MachineKey to encrypt or, a secret key using MD5 encryption.
  • Also, included is a tool (look in your bin folder) called StringEncryptor to create your encrypted settings.

TOOL to encrypt your Settings



How to bust/clear DonutCache in MVC

Let us say you have an MVC controller/action which is donutcached like below. And you want to bust the cache for some reason. An example would be. You cache a partial view for 24 hours, but give the user a refresh button to allow him to manually refresh it if he wishes to.

NOTE: you cannot use web.config based cacheprofiles for MVC. It just doesn’t work, so DonutCache is being used for that.

[DonutOutputCache(CacheProfile = "CachedAction")]
public ActionResult CachedAction(string id)
return View();

Here is the web.config

	  <outputCache enableOutputCache="true" />
			<add name="CachedAction" duration="14100" varyByParam="*" location="Any" />

Normally, in the javascript if you just call $.ajax() and request that action, it will just come back with the cached copy. The trick here is to first bust your server cache. So, you can create another action like so.

public void BustCache(string id)
var Ocm = new OutputCacheManager();
RouteValueDictionary rv = new RouteValueDictionary();

if (!string.IsNullOrEmpty(id))
rv.Add("id", id);
Ocm.RemoveItems("controller", "cachedaction", rv);

Finally you would simply make two ajax calls. First, you bust your cache and then you call your regular MVC action to get your content.

$.get('@Url.Action("bustcache", "controller"');
$.get('@Url.Action("cachedaction", "controller")');