Dec 8, 2011 at 10:59 PM
Edited Dec 9, 2011 at 4:14 AM
The "key" step that you will need to do is to export and import the RSA Key Container. See Importing and Exporting Protected Configuration RSA Key Containers
for the full steps involved.
Will the configuration be encrypted during the build process (by development/release management) or during the (pre) deployment process (by operations)?
If it will be done during build then: create a key container, export the key container, modify the connection string, encrypt the section, and supply the exported key
container as part of the deployment. During deployment import the key container and everything should just work.
If the encryption will be done during deployment then you can supply an encrypted or unencrypted configuration. If it is encrypted you would also supply your
key container so that it could be imported. Then the section can be unencrypted using the development key, the settings modified, and the section encrypted using the
production key (that would have to be created).
You can use
aspnet_regiis to perform the encryption/decryption/key maintenance in addition to the encryption/decryption done by the configuration tool.
Enterprise Library support engineer