Right now we need a secure place to put our connection strings. We would like to place these connection strings in an external file separate from Web.config to make deployments easier, but we also want the information inside to be encrypted for security.
Is there any way to accomplish this using the Aspnet_regiis tool? I understand how to use it to encrypt sections within the Web.config file, and we like how encrypting with this method means that decryption happens for us automatically when the site is being used. But the information I find on this subject seems conflicting.
Encrypt custom config section in ASP.NET using aspnet_regiis This link to another question seems to suggest that all I have to do is set the external config file up like normal, place the sensitive connection string info inside of it, and run the Aspnet_regiis tool as normal and the external file will be encrypted.
http://www.velocityreviews.com/forums/t722875-encrypting-external-config-section.html However the response in that link states that Aspnet_regiis cannot be used to encrypt external sections.
So can this be done, and if not, is doing all of this programatically the only way to go?
