A typical way to do this in place is to use DPAPI on the same machine. Of course, this has problems on a web farm. To get around this, you can use one key on each machine and encrypt. The easiest way to do this is to use certificate-based encryption.
Nothing relates to the Azure SQL messages referenced by Michael, but it was the longest series ever to offer you to use the PKCS12 configuration provider. The only reason for using this provider is that it works in conjunction with the built-in ASP.NET tool, which can automatically read from appSettings. This does not help with the ServiceConfiguration that needs to be changed.
If all you want to do is secure settings protection (usually in ServiceConfig), and you do not mind writing a utility class for this, you can use these two functions with any certificate (with private key) loaded into Windows Azure. This is exactly how the password for remote access is encrypted in the service configuration.
Encryption:
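    using System;
    using System.Linq;
    using System.Security.Cryptography.Pkcs;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    var passwordBytes = UTF8Encoding.UTF8.GetBytes(" p@ssw0rd ");
    var contentInfo = new ContentInfo(passwordBytes);
    var thumb = "F49E41878B6D63A8DD6B3650030C1A06DEBB5E77";
    var env = new EnvelopedCms(contentInfo);
    X509Store store = null;
    try
    {
        store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        // Select the recipient certificate by thumbprint; Single() throws if it is missing.
        var cert = store.Certificates.Cast<X509Certificate2>()
            .Where(xc => xc.Thumbprint == thumb).Single();
        // Encrypt to the certificate's public key (CMS/PKCS#7 enveloped data).
        env.Encrypt(new CmsRecipient(cert));
        // Dump() is LINQPad's output helper; use Console.WriteLine elsewhere.
        Convert.ToBase64String(env.Encode()).Dump();
    }
    finally
    {
        if (store != null) store.Close();
    }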
Decrypt:
    using System;
    using System.Linq;
    using System.Security.Cryptography.Pkcs;
    using System.Security.Cryptography.X509Certificates;
    using System.Text;

    var thumb = "F49E41878B6D63A8DD6B3650030C1A06DEBB5E77";
    var cipherText = "MIIBrwYJKoZIhvcNAQcDoIIBoDCCAZwCAQAxggFgMIIBXAIBADBEMDAxLjAsBgNVBAMTJWR1bm5yeTd0YWIucmVkbW9uZC5jb3JwLm1pY3Jvc29mdC5jb20CECNRAOTmySOQTA2HuEpAcD4wDQYJKoZIhvcNAQEBBQAEggEAkIxJNnCb1nkZe3Gk2zQO8JQn2hOYM9+O9yx1eprTn7dCwjIlYulUMIYwFCMDI7TiYCXG7cET2IP/ooNBPYwxzAvEL5dUVIMK9EDE0jyRP3sGPGiSvG0MW8+xZuQx4wMGNSwm2lVW1ReVRGEpTeTcUFSBCPvXsULpbqCqXtSTgjsHngxgOKjmrWBIdrxCDxtfzvNPgSQ2AVqLTRKgFTN9RHUwJJ2zhGW+F+dBfxai3nlr7HN7JKiIdlNA0UjCd/kSIZqNfPlvd2V58RBMpkW+PEp3vpBa/8D/fhU3Qg/XBNXhroES7aVDB5E16QYO6KgPdXMCpLcQ4e9t1UhokEwUizAzBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECEImLeoQJeVkgBCQ94ZxmHnVkBWrID+S4PEd";
    X509Store store = null;
    try
    {
        store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        // Select the certificate by thumbprint; its private key must be available.
        var cert = store.Certificates.Cast<X509Certificate2>()
            .Where(xc => xc.Thumbprint == thumb).Single();
        var bytes = Convert.FromBase64String(cipherText);
        var env = new EnvelopedCms();
        env.Decode(bytes);
        // Pass the selected certificate as an extra store; the My stores are searched as well.
        env.Decrypt(new X509Certificate2Collection(cert));
        // Dump() is LINQPad's output helper; use Console.WriteLine elsewhere.
        Encoding.UTF8.GetString(env.ContentInfo.Content).Dump();
    }
    finally
    {
        if (store != null) store.Close();
    }