How To Encrypt And Decrypt A Section Of web.config File In Orchestrator

The KB explains how to perform encryption and decryption to a particular section of web.config file in Orchestrator.


The Web.config file contains sensitive information that one may want to secure. It is possible to encrypt indicated sections in this file with the help of the Aspnet_regiis.exe tool.

To encrypt the secureAppSettings & connectionStrings section of the Web.config file, perform the following steps AFTER installing Orchestrator:

  1. Open the Command Prompt. 
  2. Change the directory to the location of the Aspnet_regiis.exe tool.This is usually located in %SystemRoot%\Microsoft.NET\Framework\versionNumber. For example cd %SystemRoot%\Microsoft.NET\Framework\v4.0.30319
  3. Add the following command aspnet_regiis -pe "secureAppSettings" -site "UiPathOrchestrator2017.1" -app "/" -prov "RsaProtectedConfigurationProvider"
    1. Where:
      • -pe - indicates which configuration section should be encrypted.
      •  -pd - indicates which configuration section should be decrypted.
      • -site - represents the site of the virtual path specified as the value of the -app argument. Change the value of this argument ("UiPathOrchestrator2017.1") if your instance’s name is different. If this is not specified, the default web site is used.
      • -app - encrypt at this virtual path. It must begin with a forward slash. If the value is just '/', then it points to the root of the site.
      • -prov - the library used to encrypt the secureAppSettings. You can use "RsaProtectedConfigurationProvider" or “DataProtectionConfigurationProvider” as values for this argument. The first option uses the RSA cryptosystem, while the latter uses DPAPI. We recommend using the RSA one as it provides more flexibility.

Snippet below for reference:

To Encrypt:

To Decrypt: