How to Encrypt Database Connection Strings

CAM provides a file that can be run by system administrators to encrypt database connection strings in the web application configuration files.

The system administrator can encrypt database connection strings in several web application configuration files, including those used in Purchasing, Reporting Applications, and the CAM Access Point, as well as other configuration files used for data retrieval functions.

Good to know:

  • The program uses the local machine's certificate to encrypt the credentials.
  • You must have Administrator privileges to install the program and encrypt or decrypt files.
  • Run Encryptwebconfigs.exe -help to see a list of possible commands.

Install the Tool

  1. Contact Cherwell to obtain the file.
  2. Copy the file to the C:\Program Files (x86)\Cherwell Asset Management\CAM Web directory.
  3. Run C:\Program Files (x86)\Cherwell Asset Management\CAM Web\EncryptWebConfigs.msi to install the program.
    The MSI file runs, but does not provide additional feedback.
  4. Go to the following location to verify the installation was successful:

    C:\Program Files (x86)\Cherwell Asset Management\CAM Web\Encrypt Web Configs

Encrypt Web Application Configuration Files

The following commands encrypt the CAM web applications installed and configured with IIS on a single web server. If CAM web applications are installed on multiple web servers, the commands must be run on each web server.
  1. Open a command prompt as an Administrator.
  2. Change the directory to C:\Program Files (x86)\Cherwell Asset Management\CAM Web\Encrypt Web Configs
  3. Run the following command to display all the files the tool is going to encrypt, without actually encrypting them:

    Encryptwebconfigs.exe -dryrun

  4. Run the following command to encrypt the files:

    Encryptwebconfigs.exe -encrypt

Decrypt Web Application Configuration Files

  1. Open a command prompt as an Administrator.
  2. Change the directory to C:\Program Files (x86)\Cherwell Asset Management\CAM Web\Encrypt Web Configs
  3. Run the following command to display all the files the tool is going to decrypt, without actually decrypting them:

    Encryptwebconfigs.exe -dryrun

  4. Run the following command to decrypt the files:

    Encryptwebconfigs.exe -decrypt

Update the Database Server's Connection Details

  1. Open a command prompt as an Administrator.
  2. Change the directory to C:\Program Files (x86)\Cherwell Asset Management\CAM Web\Encrypt Web Configs
  3. Run the following command to show all the files and values that will change, without actually making the changes:

    Encryptwebconfigs.exe -dryrun -server=servername -database=databasename -user=username -password=password

    This command can be run for any combination of values. If a value is not specified in the command line, it's assumed the value stays the same.
  4. Run the command without the dryrun:

    Encryptwebconfigs.exe -server=servername -database=databasename -user=username -password=password

    If the connection string is not already encrypted, this command automatically encrypts the string at the same time.

If you want the Connection String to remain unencrypted, run the following command:

Encryptwebconfigs.exe -decrypt

Uninstall the Program

Uninstalling the program does not decrypt the files; it only removes the program from the server. If you need to later decrypt the files or change the database, reinstall the program.

  1. Open your Control Panel, then select Programs > Programs & Features > Uninstall or change a program, then find and select Cherwell Asset Management Credential Encryption Tool.
    Your path in the Control Panel may vary, depending on your version of Windows.
  2. Select Uninstall.