Right now we need a secure place to put our connection strings. We would like to place these connection strings in an external file separate from Web.config to make deployments easier, but we also want the information inside to be encrypted for security.
Is there any way to accomplish this using the Aspnet_regiis tool? I understand how to use it to encrypt sections within the Web.config file, and we like how encrypting with this method means that decryption happens for us automatically when the site is being used. But the information I find on this subject seems conflicting.
Encrypt custom config section in ASP.NET using aspnet_regiis
This link to another question seems to suggest that all I have to do is set the external config file up like normal, place the sensitive connection string info inside of it, and run the Aspnet_regiis tool as normal and the external file will be encrypted.
However the response in that link states that Aspnet_regiis cannot be used to encrypt external sections.
So can this be done, and if not, is doing all of this programatically the only way to go?
I just tried this myself, and I can confirm that the Aspnet_regiis tool WILL indeed encrypt connection strings stored in an external config file. In the Web.config file I referred to the externally-defined connection strings using the "configSource" attribute, and they were encrypted after running the tool.