I am deploying a website using AWS Elastic Beanstalk and it is very easy to deploy to a load balanced web farm.
Now I want to encrypt some sections in the web.config file for the sites that I deployed, whether before deployment or after.
There are many articles on how to use Aspnet_regiis.exe using RSA to encrypt a partition, but the problem is that you are dealing with a web farm because you need to export the private key to other servers.
From this article http://msdn.microsoft.com/en-us/library/ff647398.aspx see:
Web farm scripts If you want to deploy the same encrypted configuration file on multiple servers in a web farm, you should use RSAProtectedConfigurationProvider. This provider makes it easier for you to encrypt data on one server and then export the RSA private key, which is necessary for decrypting the data. You can then deploy the configuration file and the exported key to the target servers, and then re-import the keys.
However, my problem is that in a load-balanced environment, the servers will work up and down due to automatic scaling rules, and I need a process to automate key management, i.e. import on a newly deployed private key server is used to encrypt Web.config .
Has anyone done this or can give some idea?
source share