Transform encrypted connect strings for web.config?

How do you handle web.config connect strings that are encrypted but must vary by environment?

Can’t you do something like this:

Cast the web.config as XML, search for the conn string name, and replace the encrypted string with an encrypted connstring that you store as a variable in Octopus? Then you could hide the encrypted string by using private on the variable.

function update-connectionstrings($configFile, $NameString, $oldValue, $newValue)
{
    # Load web.config as XML
    [xml]$xml = [xml](Get-Content $configFile -ErrorAction SilentlyContinue)
    foreach ($connstring in $xml.configuration.connectionStrings.add)
    {
        if (($connstring.name) -like "$NameString")
        {
            $old = $connstring.connectionString
            $new = $old.Replace($oldValue, $newValue)
            $connstring.connectionString = $new
        }
    }
    # Clear the read-only flag (if set) before saving
    if ((Get-ItemProperty $configFile -Name IsReadOnly).IsReadOnly)
    { Set-ItemProperty $configFile -Name IsReadOnly -Value $false }
    $xml.Save($configFile)

    # Note: these two lines write the full connection string values to the deployment log
    Write-Host "old value $old"
    Write-Host "new value $new"
}

$cnfgPath = "D:\configs" #path to config file
$EnvironmentName = $OctopusParameters['Octopus.Environment.Name']
$subEnv = ($EnvironmentName.Split("-"))[0]
$configPath = Join-Path $cnfgPath "web.config"

#newDBName = The name of the READONLY database server to change the connection string to. If it does not exist as a variable in Octopus it will not update the connection strings
#oldDBName = This is the name of the availability group that needs to change. If this is blank it will not update the connection strings

if (($oldDBName) -and ($newDBName))
{
    Write-Host "Changing Config File $configPath"
    update-connectionstrings $configPath "ProductRuntime" $oldDBName $newDBName
}
Write-Host "Variables old uri: $oldUriValue New Uri: $newUriValue OldDb: $oldDBName NewDB:$newDBName"
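
When the connectionStrings section is protected with aspnet_regiis, it holds an EncryptedData element instead of add entries, so an in-place replace like the one above has nothing to edit. The following is an added example (not from the thread or from Octopus) that decrypts the section on the target machine, sets the value and re-encrypts it. The aspnet_regiis path and the sensitive variable name ProductRuntime.ConnectionString are assumptions.

```powershell
# Added example. Assumptions: 64-bit .NET 4.x aspnet_regiis path, and a sensitive
# Octopus variable named 'ProductRuntime.ConnectionString' scoped per environment.
function Set-ProtectedConnectionString {
    param(
        [Parameter(Mandatory)] [string] $SiteDir,  # folder that contains web.config
        [Parameter(Mandatory)] [string] $Name,     # name attribute of the <add> entry
        [Parameter(Mandatory)] [string] $Value,    # plaintext connection string for this environment
        [string] $RegIis = "$env:windir\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"
    )
    $configFile = Join-Path $SiteDir 'web.config'
    [xml]$xml = Get-Content $configFile -Raw -ErrorAction Stop

    # A protected section contains <EncryptedData> rather than <add> entries,
    # so it must be decrypted on this machine before it can be edited.
    if ($xml.configuration.connectionStrings.EncryptedData) {
        & $RegIis -pdf 'connectionStrings' $SiteDir | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis -pdf failed ($LASTEXITCODE)" }
        [xml]$xml = Get-Content $configFile -Raw -ErrorAction Stop
    }

    $entry = $xml.configuration.connectionStrings.add |
        Where-Object { $_.name -eq $Name } | Select-Object -First 1
    if (-not $entry) { throw "Connection string '$Name' not found in $configFile" }
    $entry.connectionString = $Value
    $xml.Save($configFile)

    # Re-encrypt with this machine's protected-configuration provider. A failure
    # here leaves plaintext on disk, so stop the deployment instead of continuing.
    & $RegIis -pef 'connectionStrings' $SiteDir | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis -pef failed ($LASTEXITCODE)" }

    # Log the entry name only, never the connection string itself.
    Write-Host "Updated and re-encrypted '$Name' in $configFile"
}

# 'D:\configs' and 'ProductRuntime' come from the script above.
Set-ProtectedConnectionString -SiteDir 'D:\configs' -Name 'ProductRuntime' `
    -Value $OctopusParameters['ProductRuntime.ConnectionString']
```

Because encryption happens on the target, the result is bound to that machine's key container, which is what lets one package deploy to several environments with different values.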

Hi,

Thanks for reaching out. We have a blog post about that, which should be a pretty good starting point.

Let me know if it helps.

Dalmiro.