Skip to Content

Encrypted database connection information

Vinyl can load database connection information from one of several locations, including:

  • bin\Connection.xml
  • Config\ConnectionInfo.config
  • Environment variables

Typically, the database connection information is stored in plain text. However, Vinyl allows administrators to protect the database connection information while at rest. Specifically, Vinyl leverages .Net's built-in support for encrypted configuration sections to protect connection information stored in the ConnectionInfo.config file.

Vinyl provides several installation scripts that can be used to set and protect the connection information, including:

Consult the linked topics for additional information.

Known issues and limitations

Vinyl uses the DataProtectionConfigurationProvider to encrypt the connection information. Vinyl does not support the use of the RSAProtectedConfigurationProvider provider. The DataProtectionConfigurationProvider uses DPAPI with the Machine Store. This allows anyone with sufficient privileges on the machine to decrypt the connection information.

Only the ConnectionInfo.config file can be protected, not the Connection.xml file.


For Vinyl 3.1+, encyrpting connection information is no longer supported. Instead we recommend using environment variables for sensitive information. See the Configuring Vinyl on startup article for more information.