Try our conversational search powered by Generative AI!

Moving an encrypted value in web.config across servers

When encrypting the web.config file, what does EPiServer use as the encryption key? Is it the machineKey (from machine.config), some key from Licence.config, or something else? The reason for asking is that when encrypting a value in web.config on Server A, we can't cut-and-paste the now encrypted value into web.config on Server B - we get "System.Security.Cryptography.CryptographicException: Bad Data". So why not encrypt the web.config file from Server B in the same manner as we did on Server A, you might ask? Because the admin and edit functionality have been removed from Server B due to high security demands. Is it even possible to move an encrypted value from one server to another? Brgds, Niklas
Jun 20, 2006 17:43

I'm guessing EPiServer is using the machine key yes which of course won't work by copy pasting it to another server. Solution would be to decrypt on current server, copy paste that to new web.config, and encrypt again on both source and target server.

Dec 03, 2012 13:38

Hi Daniel,

we're using the standard configuration encryption method in ASP.NET. I use it to encrypt the connectionStrings.config, and this has to be done manually on each server. See the aspnet_regiis.exe command for more information, or read more here:

Note! In a load balanced environment, you can export/import the encryption keys, so you have the same config on all servers. Make sure you protect your keys if you go down this path.

Dec 04, 2012 7:59
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.