How to hide the database connection string in the web.config
Posted on 2012-04-01
I would like to encrypt the database connection string so our developers do not know what the password is to connect to our production database.
We have 3 environments. Dev, test and Prod. Dev and Test I have no issues with the Developer seeing the username and passwords unencrypted in the web.config file. But when moving to the production environment I would like to hide this information from the developer. Do I do the following?
C:\Windows\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis.exe -pe "connectionStrings" -prov "DataProtectionConfigurationProvider" -app "/"
Encrypting configuration section...
and then copy the resulting results to the web.config? Or is their another solution?