- I know I can encrypt sections of my web.config to protect sensitive data.
- I know that the machinekey is used to encrypt/decrypt the section(s).
- I know that I'm hosting in a web farm so my machinekey needs to be sticky.
But I think I'm missing the point. If I place the machine key in the web.config, and I place the encrypted section in the web.config, then how is that secure? Surely that is obfuscation at best?
My scenario:
We are building web applications that are hosted in the cloud, developed and managed internally. The reason for needing to protect sensitive keys is because we have settings that allow use of third party tools (e.g. ESP, Cloud storage, etc.). With these publicly visible in the web.release.config transform, developers are free to connect to product services, opening an element of risk.
If you can fill in the gaps in my logic, that would be great. But what I'm really after are suggestions on best practice solutions to my problem.
I'll add more information on request.
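As an added example (not part of the original question), below is the standard procedure for protecting web.config sections across a web farm with the built-in RSA protected-configuration provider. The point it illustrates is that the decryption key does not live in web.config at all: it lives in a machine-level RSA key container that is created once, copied to every node, and granted only to the application pool identity, so the encrypted sections checked into source control are useless to anyone without access to that container. The container name, provider name, site path, app pool and file paths are assumed for illustration.

```powershell
# Added example, not from the original post. Assumed names: key container
# "AppFarmKeys", provider "AppFarmRsaProvider", site path C:\inetpub\wwwroot\MyApp,
# app pool "MyAppPool". Run in an elevated PowerShell on each farm node as noted.

$regiis   = "$env:windir\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"
$appPath  = "C:\inetpub\wwwroot\MyApp"
$keyName  = "AppFarmKeys"
$provider = "AppFarmRsaProvider"
$poolId   = "IIS APPPOOL\MyAppPool"
$keyFile  = "C:\secure\AppFarmKeys.xml"   # assumed transfer location; delete after import

# 1. On ONE node only: create an exportable RSA key container in the machine-level store.
& $regiis -pc $keyName -exp

# 2. Export it WITH the private key (-pri), move the file to the other nodes over a
#    trusted channel, and delete the file on every node once it has been imported.
& $regiis -px $keyName $keyFile -pri

# 3. On EVERY OTHER node: import the same container so all nodes can decrypt.
#    & $regiis -pi $keyName $keyFile

# 4. On every node: grant the app pool identity read access to the container.
#    This is the only principal that needs to decrypt at runtime; developers do not.
& $regiis -pa $keyName $poolId

# 5. Declare the provider in web.config (this part is safe to check in).
#    Place this element inside <configuration>, before the sections to be encrypted.
$providerXml = @"
<configProtectedData>
  <providers>
    <add name="$provider"
         type="System.Configuration.RsaProtectedConfigurationProvider, System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
         keyContainerName="$keyName"
         useMachineContainer="true" />
  </providers>
</configProtectedData>
"@
Write-Host $providerXml   # paste into web.config / the release transform

# 6. Encrypt the sensitive sections by physical path (-pef) with that provider.
#    web.config now holds only ciphertext; the RSA private key never leaves the key store.
foreach ($section in "appSettings", "connectionStrings") {
    & $regiis -pef $section $appPath -prov $provider
}

# To inspect or change a value later: decrypt in place, edit, then re-encrypt.
# & $regiis -pdf "appSettings" $appPath
```

Two practical notes. First, run step 6 on the deployment target (or on a build box that has the container imported) rather than committing plaintext production values to web.release.config; the transform can then carry the already-encrypted `<EncryptedData>` blocks, which are safe to version. Second, `-pc` without `-exp` creates a container that cannot be exported, which is what you want on a single server but will block step 2 on a farm, so create it exportable, distribute it, and then protect the exported XML file as carefully as the original secrets.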