Encrypt the SMTP credentials

Current version: 3.5

By default, the SMTP credentials that EXM uses are stored in the Sitecore.EmailExperience.ContentManagement.config file. Storing credentials that are not encrypted in the server file system may not be safe enough. The recommended approach is to store credentials in an encrypted connection string and reference the connection string's name from the configuration file.

To encrypt connection string information stored in the ConnectionStrings.config file:

  1. Locate the ASP.NET IIS registration tool, Aspnet_regiis.exe, in the %systemroot%\Microsoft.NET\Framework\versionNumber folder.

  2. At the Windows command line, run the Aspnet_regiis.exe utility with the -pef option. Pass it the string "connectionStrings" to encrypt the ConnectionStrings.config file and the file location, for example:

    RequestResponse
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis -pef "connectionStrings" "c:\inetpub\wwwroot\exm\Website"

    When the command has finished, in the ConnectionStrings.config file, the SMTP connection string will contain encrypted information instead of plain text:

    RequestResponse
    <?xml version="1.0" encoding="utf-8"?>
    <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
      xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
                <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                    <KeyName>Rsa Key</KeyName>
                </KeyInfo>
                <CipherData
                    <CipherValue>s6sBp/aFDk6vPjWx3KwEFNlqw+gZ6iuAIOhrawFEWID/1etSH1cpy6maiDmppdqOilWRKIX0Wrluh7ZKGUlY6GpcayjPVqxnMVP2DAkNUcxaxUm6DlUw1SOaByc1tw6P3Nh/L4LN1VJYtCSbw8idXGpqc97X/aoSBhm/IAldIW4=</CipherValue>
                </CipherData>
            </EncryptedKey>
        </KeyInfo>
        <CipherData>
            <CipherValue>trbSB8hYe9i81qyX8751y+HnOJOH7e2vPvHQqbp5j2Rc1Rg0k0Lv5g+Tfvtc7IyZVRB2C/n4jku32ZTGn7FF9ykMkO40MsLd5iaT9Q6Em2kcTl9h3ernHxNfFsXRT6eaflmfASuqgsVj+Oc9RX87DQBynWm0EHydKB/ylTO1yzzC7tLSwaNuRW/HboeJ3wMaTDTjiImPI49w5QZ9p66CydWoAfaEBj2XjDYFgUHHnH0rE48dNE262/2AByi67LcigGsFbLZA66fxxKznxdJwCVBjpTu5J0II4b8X5QN8xpE=</CipherValue>
        </CipherData>
    </EncryptedData>
    </connectionStrings>
    Note

    To decrypt the encrypted file, use the Aspnet_regiis.exe utility with the -pdf option and the same syntax:

    RequestResponse
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis -pdf "connectionStrings" "c:\inetpub\wwwroot\exm\Website"

Do you have some feedback for us?

If you have suggestions for improving this article,