How to Encrypt Database Connection Strings

Database connection strings for all CAM web applications are encrypted during the installation process, both for on premises and hosted configurations. The one exception is the CAM REST API for on-premises installations.

Encryption Tool

The encryption tool (EncryptWebConfigs.exe) is installed by default during CAM setup. However, if you install the CAM REST API on a separate machine from other CAM web applications, you must install the tool manually.

To install the CAM encryption tool:

  1. Navigate to the \CAM\CamApiSetup\EncryptWebConfigs folder of the CAM installation directory.
  2. Execute EncryptWebConfigs.msi

Encrypt Web Application Database Credentials

If you have installed the CAM REST API, you must run the encryption tool to encrypt its database credentials.

You must have Administrator privileges to install the program and encrypt or decrypt files.
You only need to do this on the machine on which the CAM REST API is installed.
  1. Open a command prompt as an Administrator.
  2. Change the directory to C:\Program Files (x86)\Cherwell Asset Management\CAM Web\Encrypt Web Configs
  3. Run the following command to display all the files the tool is going to encrypt, without actually encrypting them:

    EncryptWebConfigs.exe encrypt --dryrun

  4. Run the following command to encrypt the files:

    EncryptWebConfigs.exe encrypt

Run EncryptWebConfigs.exe --help to see a list of possible commands.

Encrypt Web Application Configuration Files

The following commands encrypt the CAM web applications installed and configured with IIS on a single web server. If CAM web applications are installed on multiple web servers, the commands must be run on each web server.
You only need to do this if you want to re-encrypt or you are encrypting the CAM REST API connection string for an on-premise implementation.

To encrypt web application configuration files:

  1. Open a command prompt as an Administrator.
  2. Change the directory to C:\Program Files (x86)\Cherwell Asset Management\CAM Web\Encrypt Web Configs
  3. Run the following command to display all the files the tool is going to encrypt, without actually encrypting them:

    Encryptwebconfigs.exe -dryrun

  4. Run the following command to encrypt the files:

    Encryptwebconfigs.exe -encrypt

Decrypt Web Application Configuration Files

You can use the EncryptWebConfigs tool to decrypt the credentials in your web.config files if needed.

To decrypt web application configuration files:

  1. Open a command prompt as an Administrator.
  2. Change the directory to C:\Program Files (x86)\Cherwell Asset Management\CAM Web\Encrypt Web Configs
  3. Run the following command to display all the files the tool is going to decrypt, without actually decrypting them:

    EncryptWebConfigs.exe decrypt --dryrun

  4. Run the following command to decrypt the files:

    EncryptWebConfigs.exe decrypt

Update the Database Server's Connection Details

To update the database server's connection details:

  1. Open a command prompt as an Administrator.
  2. Change the directory to C:\Program Files (x86)\Cherwell Asset Management\CAM Web\Encrypt Web Configs
  3. Run the following command to show all the files and values that will change, without actually making the changes:

    EncryptWebConfigs.exe database--dbserver=<dbserver-name> --dbname=<database-name> --dbuser=<db-username> --password=<db-password> --dryrun

  4. Run the command without the dryrun:

    EncryptWebConfigs.exe database--dbserver=<dbserver-name> --dbname=<database-name> --dbuser=<db-username> --password=<db-password>