Store encrypted AppSettings and ConnectionStrings in a database

Do you have connectionStrings and appSettings with potentially sensitive data spread all over your network in various web.configs?

Do you worry about your database userids and passwords saved in source control?

I set out to solve this problem and created DBConfigurationManager. It is available as a NUGET package : https://www.nuget.org/packages/DBConfigurationManager/

DBConfigurationManager allows you to store your appSettings and ConnectionStrings in a database table. There is nothing you need to do in the code. You continue using

ConfigurationManager.AppSettings[“”] and ConfigurationManager.ConnectionStrings[“”]

When you install the package, it gives you the TABLE script you need to hold the configuration information.

pic1

as well as adds a connectionString to your web.config to point to the configuration datastore.

pic2.PNG

It is a great way to centralize your appSettings and ConnectionStrings. If you are worried about security, you could easily use SSPI and connect to the configuration database using the AppPoolIdentity or Service Account you are running your website under.

New in Version 2.0.0.0

  • Ability to encrypt your settings in the database.
  • You can either use MachineKey to encrypt or, a secret key using MD5 encryption.
  • Also, included is a tool (look in your bin folder) called StringEncryptor to create your encrypted settings.

TOOL to encrypt your Settings

pic3