# Script to encrypt and decrypt sections in web.config and app.configs.
# If you don't specify a configsection, the default is the connectionStrings section.
# You can specify encrypt or decrypt. If you don't specify either, it will tell you if the sections are encrypted or decrypted.
#Requires -RunAsAdministrator
# Need to be an admin to open the RSA key container
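param (
    # Path to the web.config / app.config file to inspect or modify (required).
    [string]$filepath = $(throw "-filepath is required."),
    # Name of the configuration section to operate on.
    [string]$configsection = "connectionStrings",
    # Protect the section. Mutually exclusive with -decrypt.
    [switch]$encrypt = $false,
    # Unprotect the section. Mutually exclusive with -encrypt.
    [switch]$decrypt = $false
)

# Turn non-terminating errors into terminating ones so a failed step cannot be
# followed by a save of a half-processed configuration.
$ErrorActionPreference = "Stop"

if ($encrypt -and $decrypt)
{
    Write-Output "Cannot specify both encrypt and decrypt"
    exit -1
}

# -PathType Leaf rejects directories, which would otherwise pass the existence
# check and only fail later when the configuration is opened.
if (!(Test-Path -Path $filepath -PathType Leaf))
{
    Write-Output "File $filepath does not exist"
    exit -1
}

# -Path accepts wildcards, so the argument can resolve to several items.
# Coercing that array to [string] would silently build a bogus, space-joined
# file name; insist on exactly one match before modifying anything.
$resolvedPaths = @(Resolve-Path -Path $filepath)
if ($resolvedPaths.Count -ne 1)
{
    Write-Output "Path $filepath matches $($resolvedPaths.Count) items; specify exactly one config file"
    exit -1
}
$filepath = $resolvedPaths[0].Path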
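function Save($section, $configuration)
{
    <#
    .SYNOPSIS
    Writes a configuration section back to its file after it was protected or unprotected.

    .PARAMETER section
    The configuration section object whose SectionInformation.ForceSave flag is set.

    .PARAMETER configuration
    The configuration object that owns the section; its Save method is called
    with ConfigurationSaveMode.Modified.

    .OUTPUTS
    None. Prints "Succeeded!" to the host once Save returns.
    #>

    # Use the $true literal. System.Boolean has no public static member named
    # "True", so [System.Boolean]::True does not yield a true value outside
    # strict mode and the flag was never actually switched on.
    $section.SectionInformation.ForceSave = $true
    $configuration.Save([System.Configuration.ConfigurationSaveMode]::Modified)
    Write-Host "Succeeded!"
}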
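# https://lookonmyworks.co.uk/2011/06/30/encrypting-external-config-sections-using-powershell/
# The System.Configuration assembly must be loaded before its types are used.
# NOTE(review): the identity pins Version=2.0.0.0; on a CLR 4 host this is
# presumably unified to the installed 4.0 assembly - confirm on the target box.
$configurationAssembly = "System.Configuration, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a"
[void] [Reflection.Assembly]::Load($configurationAssembly)

# Open the given file as if it were an exe configuration so that arbitrary
# web.config / app.config paths can be processed.
$configurationFileMap = New-Object -TypeName System.Configuration.ExeConfigurationFileMap
$configurationFileMap.ExeConfigFilename = $filepath
$configuration = [System.Configuration.ConfigurationManager]::OpenMappedExeConfiguration($configurationFileMap, [System.Configuration.ConfigurationUserLevel]::None)
$section = $configuration.GetSection($configsection)

# GetSection returns $null for an unknown section name. Without this guard the
# status branch would report a non-existent section as "decrypted" and the
# encrypt branch would fail with an opaque null-method error.
if ($null -eq $section)
{
    Write-Output "Section $configsection not found in $filepath"
    exit -1
}

$isProtected = $section.SectionInformation.IsProtected

if ($encrypt)
{
    if ($isProtected)
    {
        Write-Output "Section $configsection already encrypted in $filepath. Nothing to do."
    }
    else
    {
        Write-Host "Encrypting $configsection in $filepath..."
        # RsaProtectedConfigurationProvider uses an RSA key container that, in
        # the default machine.config setup, is machine-level. The result
        # protects the file at rest (backups, file shares, source control) but
        # can be decrypted by anything on this machine with access to that
        # container, and cannot be read on another machine unless the key is
        # exported and imported there.
        $section.SectionInformation.ProtectSection("RsaProtectedConfigurationProvider")
        Save $section $configuration
    }
}
elseif ($decrypt)
{
    if ($isProtected)
    {
        Write-Host "Decrypting $configsection in $filepath..."
        # After this save the section (connection strings by default) is stored
        # in cleartext on disk; re-run with -encrypt once editing is done.
        $section.SectionInformation.UnprotectSection()
        Save $section $configuration
    }
    else
    {
        Write-Output "Section $configsection already decrypted in $filepath. Nothing to do."
    }
}
else
{
    # Neither switch given: report the current state without modifying the file.
    if ($isProtected)
    {
        Write-Output "Section $configsection is encrypted in $filepath. Run this script with -decrypt to decrypt it."
    }
    else
    {
        # Fixed hint: the original told the user to pass -encrypt "to decrypt it".
        Write-Output "Section $configsection is decrypted in $filepath. Run this script with -encrypt to encrypt it."
    }
}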