Encrypt and Decrypt Configuration File Sections from a Command Line

Encrypt and Decrypt Configuration File Sections from a Command Line

You may find that you need to encrypt some sections of configuration files (such as Web.config) to protect sensitive information. Yet you may also need to decrypt that information to debug a running application.

You can do that in .NET 2.0 and higher using the aspnet_regiis.exe command-line utility. The utility supports two kinds of encryption methods or providers: the Windows Data Protection API (DPAPI) provider or the RSA provider. The RSA provider is the default.

For example, to encrypt the connectionStrings section in a Web.config file, open a command prompt and enter the following on a single line (substituting the appropriate path for the one shown in the example):

aspnet_regiis.exe -pef "connectionStrings"    "C:InetpubwwwrootYourWebSite"    prov "RSAProtectedConfigurationProvider"

To decrypt the same section, use:

aspnet_regiis.exe -pdf "connectionStrings" "C:InetpubwwwrootYourWebSite"

Note that you can’t encrypt “section groups” such as or ;you may encrypt only “sections”—and there are restrictions on those as well. For example, sections that you may not encrypt include , , and , because the ASP.NET/ISAPI engine needs access to them.

See also  Monetize TikTok For Your Business

About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

About Our Journalist