Some clients will want to encrypt the logins and passwords in the web.config. This article describes how to encrypt/decrypt Cyara .NET and .NET Core application configuration files. All the commands below must be run as an administrator. Make sure the original passwords are stored somewhere.
Simple Encryption and Decryption Of Cyara's .NET Applications' Configuration Files
Simple Encryption and Decryption doesn't require additional key containers to be created, as it uses the machine-level RSA key container. This method should be used for all implementations that do not explicitly require the use of separate key containers.
1. How to encrypt sections in the web.config file
- Create a backup of the web.config file.
- Open an administrative command prompt, and then change the directory to the folder containing the .NET version used to run the Web Portal; for example, C:\Windows\Microsoft.NET\Framework64\v4.0.30319
- Encrypt a section of the web.config:
aspnet_regiis -pe "NameOfSectionToEncrypt" -app "/CyaraWebPortal" -prov "RsaProtectedConfigurationProvider"
NameOfSectionToEncrypt must match the section name in the web.config file, for example secureAppSettings or connectionStrings. The value passed to the -app flag must match the site name of the Web Portal in IIS.
2. How to encrypt sections in other Cyara Platform Component configuration files
The commands above only work for applications running in IIS. Other Cyara Platform Components also store sensitive information that customers may want to encrypt. The following instructions outline how to encrypt configuration files for other Cyara Platform Components.
Note: anything inside angle brackets <> must be changed to suit the current environment. The angle brackets themselves must be removed and not included in the command that is executed.
- Stop the Cyara Component's service.
- Create a backup of the Component's *.config file.
- Rename the configuration file to web.config.
- Open an administrative command prompt, and then change the directory to the folder containing the .NET version used to run the Cyara Platform Component; for example, C:\Windows\Microsoft.NET\Framework64\v4.0.30319
- Note: If the Cyara Component is not running as the local system user, grant the user access to the machine-level RSA key container:
aspnet_regiis -pa "NetFrameworkConfigurationKey" "MachineNameOrDomainName\ServiceUser"
- Encrypt a section of the configuration file:
aspnet_regiis -pef "NameOfSectionToEncrypt" "PathToComponentInstallDirectory" -prov "RsaProtectedConfigurationProvider"
NameOfSectionToEncrypt must match the section name in the web.config file, for example secureAppSettings or connectionStrings. PathToComponentInstallDirectory must be the full path to the Cyara Platform Component's installation directory; for example:
C:\Program Files (x86)\Cyara\CyaraChatCoordinator
- Rename the web.config file back to its original name; for example, "Cyara.Chat.Customer.Execution.Coordinator.exe.config"
- Restart the Cyara Platform Component's service for the encryption changes to take effect.
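The steps in section 2, gathered into one PowerShell script as an added example (not Cyara's own tooling). It restores the original file name and restarts the service even if encryption fails, and it confirms afterwards that the section really holds an EncryptedData element. The service name is a placeholder and the variable names are assumptions; the paths, section name and aspnet_regiis switches are the ones used in this article.

```powershell
#Requires -RunAsAdministrator
# Added example: section 2 procedure with rollback and a post-encryption check.
$ErrorActionPreference = 'Stop'

$ServiceName = '<CyaraComponentServiceName>'   # placeholder: replace with the real service name
$ServiceUser = $null   # set to 'MachineNameOrDomainName\ServiceUser' if not running as local system
$InstallDir  = 'C:\Program Files (x86)\Cyara\CyaraChatCoordinator'
$ConfigName  = 'Cyara.Chat.Customer.Execution.Coordinator.exe.config'
$Section     = 'connectionStrings'
$Regiis      = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe'

$config    = Join-Path $InstallDir $ConfigName
$webConfig = Join-Path $InstallDir 'web.config'
if (Test-Path -LiteralPath $webConfig) {
    throw "web.config already exists in $InstallDir; refusing to overwrite it."
}

Stop-Service -Name $ServiceName
try {
    # The backup still contains the plaintext secrets; keep it somewhere access-controlled.
    Copy-Item -LiteralPath $config -Destination "$config.bak"
    Rename-Item -LiteralPath $config -NewName 'web.config'

    if ($ServiceUser) {
        # Let the service account read the machine-level RSA key container.
        & $Regiis -pa 'NetFrameworkConfigurationKey' $ServiceUser
    }

    & $Regiis -pef $Section $InstallDir -prov 'RsaProtectedConfigurationProvider'
    if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis exited with code $LASTEXITCODE" }

    # Post-check: an encrypted section has its content replaced by an EncryptedData element.
    [xml]$xml = Get-Content -LiteralPath $webConfig -Raw
    $node = $xml.DocumentElement.SelectSingleNode("*[local-name()='$Section']")
    if (-not $node -or -not $node.SelectSingleNode("*[local-name()='EncryptedData']")) {
        throw "Section '$Section' is missing or still in plaintext after aspnet_regiis."
    }
}
finally {
    # Always put the original file name back and restart the service.
    if (Test-Path -LiteralPath $webConfig) {
        Rename-Item -LiteralPath $webConfig -NewName $ConfigName
    }
    Start-Service -Name $ServiceName
}
```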
3. How to decrypt sections in the web.config file
- Open an administrative command prompt, and then change the directory to the folder containing the .NET version used to run the Web Portal; for example, C:\Windows\Microsoft.NET\Framework64\v4.0.30319
- Decrypt a section of the configuration file:
aspnet_regiis -pd "NameOfSectionToDecrypt" -app "/CyaraWebPortal"
4. How to decrypt sections in other Cyara Platform Component configuration files
The commands above only work for applications running in IIS. The following instructions outline how to decrypt configuration files for other Cyara Platform Components.
- Stop the Cyara Component's service.
- Rename the configuration file to web.config.
- Decrypt a section of the configuration file:
aspnet_regiis -pdf "NameOfSectionToDecrypt" "PathToComponentInstallDirectory"
- Rename the web.config file back to its original name; for example, "Cyara.Chat.Customer.Execution.Coordinator.exe.config"
- Restart the Cyara Platform Component's service for the decryption changes to take effect.
Encryption Of Cyara's .NET CORE Applications' Configuration Files
Later Cyara applications are built on .NET Core, which requires a different encryption process. This section walks through it using the example of encrypting the Message Bus credentials.
How to change the encrypted Message Bus password post-deployment
If you have encrypted the password for Message Bus and subsequently changed this password post-deployment, this password will need to be re-encrypted.
To update the MessageBusSettings.Password field in each component's configuration file, you must use the Cyara.Utils.SettingEncrypter application.
This application accepts command-line arguments, converts them to their encrypted equivalents, and prints the result to the output.
Example:
>>> Cyara.Utils.SettingEncrypter.exe myWonderfulPassword
$c$E2:60e474a4-fb67-4750-b49b-1e07b49fccd0:su/WxsmC+JV32AGbrOsXTiHoewlRe7o4evYfiXeoNP4=
The resulting text output ($c$E2:... in the output above) should be copied to the MessageBusSettings.Password field in the component's configuration file.
Comments
1 comment
The method described in the article works only with .NET applications. New Cyara services are built on .NET Core, which requires a different method.