Encrypting Configuration Sections

This topic describes how to encrypt configuration sections of the customer.config file (Automic\Release.Manager\WebUI\customer.config).

To Encrypt Configuration Sections

  1. Create a copy of the web.config file (c:\Automic\ARA\WEBUI\web.config) and name it web1.config.
  2. Copy the content of the customer.config file (except the first line - header).
  3. In the web.config file replace the <Customer configSource="customer.config" /> line with the contents of your clipboard.
  4. Remove the following line:

    <section name="Customer" type="Ventum.Bond2.CustomerConfigurationHandler, Ventum.Bond2.Services.Impl"/>

  5. Save your changes and close the file.
  6. To encrypt a specific section in your web.config you can use the aspnet_regiis utility and run the following command:

    • If you have a .Net App:

      C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -pe "Customer" -site "myARASite" -app "/myARAInstance"

      (alias that is configured in IIS)

    • If you do not have a .Net App but only a Website:

      C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -pe "Customer" -site "myARASite" -app "/"

    • If you have neither a .Net App nor a Website:

      1. Navigate to the folder containing the web.config file.
      2. In the command line run: c:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pef "Customer" .

      Notes:

      • This command has to be executed on the server where IIS is located. You may decrypt the section again with the -pdf switch.
      • By default the system writes a sanitized version of the customer configuration as header of the primary log file. This sanitized version does not contain any password. The logging of customer.config to the header of the log file can be disabled by adding the following line to the AppSettings section of the web.config file: <add name="LogCustomerConfig" value="false" />
  7. Copy the whole Customer section in the encrypted web.config and replace the old content in the customer.config file (except the header) with the copied content.
  8. Delete the web.config and rename the web1.config back to web.config.

See also:

Security and System Hardening