Encrypting the SSIS Package Configuration File
We have SSIS package configuration files that contain DB encryption passwords or PGP encryption passwords. I have come to the conclusion that there is no silver bullet solution to encrypt SSIS package configuration files, for example using web.config files.
Should we not use configuration files for SSIS packages at all, and if so, what other options do we have for storing settings?
source to share
Configuration file encryption is not handled by SSIS itself. You can use NTFS encryption and / or ACL to control access to files and configuration content. It trumps learning and administering a new access / encryption mechanism and ties in nicely with your AD efforts.
Another option is to store the configurations in a SQL table and use SQL security to control access, but most administrators prefer file-based management.
source to share
Could you use a table to store the configuration and block access to it? Throw this database / log / backup to an EFS protected folder and the only people who could get access would be the SQL sysadmins or allowed actions and who has access to efs decryption using the database restore and restore account (admins domain?).
You can also use native SQL 2005 encryption and write your own procedure to access the data and then set connection properties in the script task. I didn't do this, but in theory it might work.
source to share
Storing configuration information in a database is a viable alternative, if you are stuck with XML configuration files (for various reasons) you can try BI x Click Secure Configuration Manager or SSISCipherBoy (free, I linked to this project). These two utilities answer your question exactly.
source to share