Encrypting the Rules Store and the Service Information Store
Retired Content
This content and the technology described is outdated and is no longer being maintained. For more information, see Transient Fault Handling.
The Autoscaling Application Block uses Personal Information Exchange format keys (PFX, also called PKCS #12) to encrypt the service information store and the rules store in Microsoft Azure blob storage and in local file storage. For more information, see "Pkcs12 Protected Configuration Provider."
Note
The encryption solution used by the Autoscaling Application Block is not recommended as a general approach for encrypting sensitive data in Azure. The Autoscaling Application Block uses this solution to meet its specific security requirements. You should carefully evaluate any encryption approach that you decide to use in your own Azure applications.
You can use the Protect-ScalingStore Windows PowerShell cmdlet to encrypt the store file on the local machine using a PFX certificate. To create a suitable certificate, see the topic "Creating an Encryption Certificate."
To encrypt a store file in blob storage you must perform three steps. First, encrypt the file locally using the Protect-ScalingStore cmdlet. Second, upload the store file to Azure blob storage using the Set-ScalingStore cmdlet. Third, ensure that you upload to Azure the service certificate that the block needs to decrypt the store file.
Note
You can pipe the output from the Protect-ScalingStore cmdlet to the Set-ScalingStore cmdlet in a script.
To upload your certificate to Azure you can use any of the following methods.
- Azure Management Portal. You can upload the service certificate through the Management Portal. For more information, see "How to Add a New Certificate to the Certificate Store" on MSDN.
- Windows Azure PowerShell Cmdlets. You can use the Add-Certificate cmdlet to upload a service certificate. For more information, see "Windows Azure PowerShell Cmdlets."
- CSUpload Command-Line Tool. You can use the CSUpload command-line tool in the Azure SDK for .NET to upload a service certificate. For more information, see "How to Upload a Service Certificate by Using the CSUpload Command-Line Tool" on MSDN.
To encrypt a store file in local file storage, encrypt the file locally using the Protect-ScalingStore cmdlet.
Last built: June 7, 2012