Sometimes you need to have sensitive information in your config files, information that you would like to hide from other people with access to the sourcefiles. That could be database credentials placed in the section, as in this example:

To encrypt the section use the aspnet_regiis tool provided as a part of the specific .net version. You find it in the \Windows\Microsoft.Net\Framework\v2.0.50727 directory, if you are running .net version 2.

aspnet_regiis -pe “appSettings” -app “/YourWebApp”

That will change the section in your web.config to look something like this:

    
  
   
   
    
     
     
      Rsa Key
     
     
      L9Q9ePobkZR +++ 
     
    
   
   
    Is42Ajvxkd1Ol1iILS +++

You can still use the standard ConfigurationSettings methods to read the values, without doing anything to your code. If you want to revert the encryption, simply use the aspnet_regiis tool with the -pd switch like this:

aspnet_regiis -pd “appSettings” -app “/YourWebApp”