Select a site

IMPORTANT: This version of Sitefinity CMS is out of support and the respective product documentation is no longer maintained and can be outdated. Use the version selector to view a supported product version.

Administration: Encrypt sensitive data in configurations

Sitefinity CMS enables you to encrypt sensitive data located in the system configurations. For example, you can encrypt passwords or secret keys. You configure encryption options per configuration section. The administrative backend UI (Administration -> Settings -> Advanced) exposes an option to encrypt settings, which are considered sensitive data. This functionality is available via the Show encryption options button, located in the upper right-hand corner of each configuration section, for example:

ShowEncryptionOptions 

Clicking the button displays the persistence options for each applicable configuration setting:

EncryptionOptionsShown

Out of the box, Sitefinity CMS supports the following built-in options to persist configuration values:

  • No encryption
    The value is persisted in plain text.
    This is the default option.
  • Encrypted value
    The value is encrypted with the default Sitefinity CMS encryption algorithm, and the encrypted value is persisted. For example:
    EncryptedSettingValue

    NOTE: When retrieving a configuration setting value via the Sitefinity CMS Configurations API, you do not need to decrypt the value yourself - Sitefinity CMS will decrypt the value internally for you.

  • Key to app setting
    Using this option instructs Sitefinity CMS to look for the value of the configuration setting inside the web.config <appSettings> section, instead of persisting it in the default configuration location. Use this option if you want to take control over the encryption of the values yourself, for example leverage the default ASP.NET mechanism for encrypting web.config sections. For more information, refer to this MSDN article: Encrypting a Web Configuration Section. Unlike the first two modes, when using Key to app setting option, you do not enter the desired configuration setting value in Sitefinity CMS, but you specify a key name instead. You can use some unique prefix when coming up withthe key name, so it's easily distinguishable that this is not a configuration value, but a key name. For example:
    KeyToAppSetting 
    Sitefinity CMS will use this key to look for the value of the setting inside the web.config <appSettings> section. Then you must  manually add that key and the desired configuration value inside the web.config <appSettings> section as a key-value pair. For example:
This section contains:

Back To Top

Next: HTML sanitization