Encrypted Database Connection Information¶
Vinyl can load database connection information from one of several locations, including:
bin\Connection.xml
Config\ConnectionInfo.config
- Environment variables
Typically, the database connection information is stored in plain text. However, Vinyl allows administrators to protect the database connection information while at rest. Specifically, Vinyl leverages .Net's built-in support for encrypted configuration sections to protect connection information stored in the ConnectionInfo.config
file.
Vinyl provides several installation scripts that can be used to set and protect the connection information, including:
Consult the linked topics for additional information.
Known Issues and Limitations¶
Vinyl uses the DataProtectionConfigurationProvider
to encrypt the connection information. Vinyl does not support the use of the RSAProtectedConfigurationProvider
provider. The DataProtectionConfigurationProvider
uses DPAPI with the Machine Store. This allows anyone with sufficient privileges on the machine to decrypt the connection information.
Only the ConnectionInfo.config
file can be protected, not the Connection.xml file.
Important
For Vinyl 3.1+, encyrpting connection information is no longer supported. Instead we recommend using environment variables for sensitive information. See the Configuring Vinyl on Startup article for more information.