Encrypt the SMTP credentials

Last updated Friday, June 9, 2017 in Email Experience Manager for Administrator, Developer

By default, the SMTP credentials that EXM uses are stored in the Sitecore.EmailExperience.ContentManagement.config configuration file. Storing unencrypted credentials in the server file system may not be safe enough. The recommended approach is to store credentials in an encrypted connection string and reference the connection string's name from the configuration file.

To encrypt connection string information stored in the ConnectionStrings.config file:

  1. Locate the ASP.NET IIS registration tool – Aspnet_regiis.exe – in the %systemroot%\Microsoft.NET\Framework\versionNumber folder.
  2. At the Windows command line, run the Aspnet_regiis.exe utility with the -pef option. Pass it the string "connectionStrings" to encrypt the ConnectionStrings.config file and the file location, for example:
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis -pef "connectionStrings" "c:\inetpub\wwwroot\exm\Website"

    When the command has finished, in the ConnectionStrings.config file, the SMTP connection string will contain encrypted information instead of plain text:

    <?xml version="1.0" encoding="utf-8"?>
    <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
      xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
       <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
         <KeyName>Rsa Key</KeyName>
        </KeyInfo>
        <CipherData>
         <CipherValue>s6sBp/aFDk6vPjWx3KwEFNlqw+gZ6iuAIOhrawFEWID/1etSH1cpy6maiDmppdqOilWRKIX0Wrluh7ZKGUlY6GpcayjPVqxnMVP2DAkNUcxaxUm6DlUw1SOaByc1tw6P3Nh/L4LN1VJYtCSbw8idXGpqc97X/aoSBhm/IAldIW4=</CipherValue>
        </CipherData>
       </EncryptedKey>
      </KeyInfo>
      <CipherData>
       <CipherValue>trbSB8hYe9i81qyX8751y+HnOJOH7e2vPvHQqbp5j2Rc1Rg0k0Lv5g+Tfvtc7IyZVRB2C/n4jku32ZTGn7FF9ykMkO40MsLd5iaT9Q6Em2kcTl9h3ernHxNfFsXRT6eaflmfASuqgsVj+Oc9RX87DQBynWm0EHydKB/ylTO1yzzC7tLSwaNuRW/HboeJ3wMaTDTjiImPI49w5QZ9p66CydWoAfaEBj2XjDYFgUHHnH0rE48dNE262/2AByi67LcigGsFbLZA66fxxKznxdJwCVBjpTu5J0II4b8X5QN8xpE=</CipherValue>
      </CipherData>
    </EncryptedData>
    </connectionStrings>

Note

To decrypt the encrypted file, use the Aspnet_regiis.exe utility with the -pdf option and the same syntax:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis -pdf "connectionStrings" "c:\inetpub\wwwroot\exm\Website"