How to encrypt/decrypt Sitecore connection strings

Sitecore as every other .NET application supports encryption of the connection strings. You can use that feature to secure your connection strings and reduce the chances that someone will steal your passwords to your databases.

It is important to remember that:

  • encryption and decryption are done in the scope of the server
  • encryption and decryption are done in the scope of the application

Alright, but what do the above statements mean in real life?

It means that connection strings files encrypted for one application on one server will not work on different servers and different applications. You need to repeat encryption/decryption for every environment you have and for every application you have.

Sounds like a lot of work – well, security has its own price.

Before you start encrypting your files you need to verify if connectionStrings.config file contains “configBuilders” attribute in the “connectionStrings” node:

If the “configBuilders” attribute is there – you have to remove it.

As a next step, you have to find the aspnet_regiis.exe file in your environment – usually, you will find it in your Microsoft.NET\Framework64 folder. In my case it was the path:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe

When you find it you have everything to run encryption and decryption commands.

To encrypt connectionStrings file you need to run:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" D:\inetpub\wwwroot\sc10-dev-cd.localhost

To decrypt connectionStrings file you need to run:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" D:\inetpub\wwwroot\sc10-dev-cd.localhost

And this is basically it, easy peasy lemon squeezy!