In our project, we want to use Azure Diagnostics. All is fine, except one thing, there seems to be no possibility to encrypt Azure Diagnostics connection string in cscfg file. Take this configuration part in cscfg, for instance (real values obscured):
In above, the whole conn string (also AccountKey) is seen in Azure portal. That is our problem.
Link to verify: https://manage.windowsazure.com/microsoft.onmicrosoft.com#Workspaces/CloudServicesExtension/CloudService/your-cloud-srv/configure
Also, it can be seen in this cscfg file. During roll out, we do not want to expose AccountKey to any other parties than eg Portal administrator. Now, my question is: is it possible to use encrypted AccountKey in cscfg file, or, what is the proposed way to activate Azure diagnostics in suc a manner that conn string can be decrypted just before Azure Diag activation?
This all has to work with the latest Azure SDK 2.71 or 2.8.1.
UPDATE: If I add encrypted conn string to say cscfg, being it eg EncDiagConnString, is it still possible with Azure SDK 2.7.1 or Azure SDK 2.8.1 to programatically start diagnostics, if I provide decrypted conn string in Azure roles OnStart() method?
UPDATE2: It seems to be so that activating Azure Diagnostics, it is possible outside cloud service via Azure management API (REST API), the best option seems to be using Azure PowerShell cmdlets: https://azure.microsoft.com/en-us/documentation/articles/cloud-services-dotnet-diagnostics/
