SSIS Package Config File Encryption - sql-server-2005

We have SSIS package config files that contain DB encryption passwords or PGP encryption passwords. I came to the conclusion that there is no "silver bullet" solution for encrypting SSIS package config files like with web.config files ect.
Should we consider not using config files at all for SSIS packages and if so what other options do we have available for storing settings?

Encryption of configuration files are not handled by SSIS itself. You can use NTFS encryption and/or ACLs to control access to config files and contents. It beats learning and administering a new access/encryption mechanism, and nicely ties in to your AD efforts.
Another option is to store the configurations in a SQL table and use SQL security to control access, but most administrators seem to prefer file-based management.

Could you use a table for config storage and lock down access to it? Throw that database/log/backup in an EFS protected folder and the only people that could access would be SQL sysadmins/or authorized accts and whoever has access to decrypt efs with a recovery account and restore the database (domain admins?).
You could also use SQL 2005's native encryption and write your own procedure to access the data and then set the connection properties in a script task. I haven't done this, but theoretically it might work.

While storing configuration information in a database is a viable alternative, if you are stuck with XML configuration files (for a variety of reasons), you may try BI xPress Secure Configuration Manager or SSISCipherBoy (freeware, I am affiliated to this project). These two utilities answer your question precisely.

Related

Best approach to backuping program config files?

I have a program which looks for a config.json file where it reads needed sensitive infos like DB creds, different APIs creds, etc. I don't upload the config file to the git repository because I understand it's a bad approach, although it's a private repository. Now I'm starting to fear the case that I by accident delete this file, or due to a failure in my machine, I could permanently lose it. My question is - what is the best approach I could use to have a constant secured backup for this file, considering that it may contain very sensitive informations?
Also I would like to specify that this config file is frequently changed (and may increase in size...).
Select, implement, and test a backup system that meets your requirements for securing sensitive data. Access controls to the backup system, encrypting backup media, and logging jobs run are fundamental features to manage data.
Storing secrets in version control like git is tempting. But beware, a git repo may be cloned to many places, and every copy contains your credentials forever. Deleting them permanently requires rewriting history. Possibly easier to change any creds that got committed, leave the old ones in history, and don't commit secrets in the future.
Think about how you want to manage secrets. Secrets management software exists that wraps creds and keys in strong authentication and encryption. Building the application server could involve installing the application, and retrieving the API creds via the secret server. It may suit your needs to have different systems to store automation scripts, secrets, and backups.

restrict mdf file to be attached

We can copy MDF and LDF files and paste them on other PC and easily attach it and view its contents!
I want to restrict that no one except me can easily attach my mdf files.
Encryption is not possible option for me. I am using SQL Server 2014 Express Edition.
You can use EFS, Encrypting File System, which is a windows feature. You will need to install a certificate for this under your account on the server. If anyone tries to copy or read the file and does not have permissions to the certificate, then they will get an error. Just be sure to grant the service account for the database engine access to the certificate or your database will not be usable until you do. I would recommend testing this before implementing.

How to Manage Environment Variables for Continuous Deployment

So, a common practice these days is to put connection strings & passwords as environment variables to avoid their being placed into a file. This is all fine and dandy, but I'm not sure how to make this work when trying to set up a continuous deployment workflow with some configuration management tool such as Salt/Ansible or Chef/Puppet.
Specifically, I have the following questions in environments using the above mentioned configuration management tools:
Where do you store connection strings/passwords/keys separate from codebases?
Do you keep those items in a code-repo of some type (git, etc.)?
Do you use some structure built-in to your tool?
How do you keep those same items secure?
Do you track changes/back-up these items, and if so, how?
In Chef you can
store passwords or API tokens in either encrypted data bags or using chef-vault. They are then decrypted while chef does the provisioning (with encrypted data bags using a shared secret, with chef-vault using the existing PKI of Chef client).
set environment variables when calling external software using the environment parameter of e.g. the execute resource.
not sure, what to write here -- I'd say you don't really manage them. This way you set the variables only for the command that needs it, not e.g. for the whole chef run.
With puppet, the preferred way is probably to store the secrets in Hiera files, which are just plain YAML files. That means that all secrets are stored on the master, separate from the manifest files.
truecrypt virtual encrypted disks are cross-platform and independent of tooling. Mount it read-write to change the secrets in the files it contains, unmount it and then commit/push the encrypted disk image into version control. Mount read-only for automation.
ansible-vault can be used to encrypt sensitive data files. A CI server like Jenkins however is not the safest place to store access credentials. If you add Hashicorp Vault and Ansible Tower/AWX, then you can provide a secure solution for several teams.

Shipping SQL server database with my application

I wish to ship SQL server database file with my application. I am very very new to SQL.
1) I do not know how to protect this file from being opened.
2) If this file is emailed, can anybody read it?
3) Is there any possibility of protecting it like Access database is password protected so even emailed, no one can open it.
Thanks
Furqan
Regular SQL Server database files (.mdf, .ldf) aren't intended to be shipped with your application and installed locally - they are intended to be used on a SQL Server instance, running in a secure environment where typical users don't have physical access to the files per se.
As such, .mdf/.ldf files cannot really be protected by a password or anything like that - you can define users and their permissions, but that only applies to the permissions inside the database - not the database file(s) itself.
For your scenario, I guess you'd be better off with SQL Server Compact Edition - an in-process (just a bunch of DLL's), one-file-for-your-entire-database (*.sdf) kind of database - much more closely an Access replacement than the full-fledged SQL Server.
The documentation clearly states:
SQL Server Compact Edition was
designed from the beginning assuming
the user had access to the physical
file. Without an additional security
mechanism, the user could bypass your
application and use tools such as
MSQuery to view and edit the raw data.
SQL Server Compact Edition supports
the ability to password protect and
encrypt the data file, thereby
limiting access to your application
which embeds the password. The
password protection of the database
file adds a layer of protection that
travels with the file, making it
harder to access the data in the event
a rogue user obtains the file.
Read more about SQL Server Compact 3.5 and you might also want to check out the SQL Server Compact blog which discusses the latest developments (SQL Server Compact 4.0 is in testing right now).
1) Assign a username and password to through SSMS or Enterprise Manager
2) No, because of [1]
3) Yes, because of [1]
Just to be doubly sure: take the database offline, zip encrypt .mdf file, and send it
If you ship it - than someone on the other end need to open and install it.
You can protect the file using zip software with password, and tell it to the other party on the phone.
1) Even if you protect it before it is added to the SQL server the user will be able to get into the database once it is loaded and running on the server.
2) Possible, but why would you want to email a database file?
3) When you email it you can add it to an archive with password, like a password protected zip file.

Multiple Website Backup

Does anyone know of a script or program that can be used for backing up multiple websites?
Ideally, I would like the have it setup on a server where the backups will be stored.
I would like to be able to add the website login info, and it connects and creates a zip file or similar that it would then be sent back to the remote server to be saved as a backup etc...
But it would also need to be able to be set up as a cron so it backed up everyday at least?
I can find PC to Server backups that a similar, but no server to server remote backup scripts etc...
It would be heavily used, and needs to be a gui so the less techy can use it too?
Does anyone know of anything similar to what we need?
HTTP-Track website mirroring utility.
Wget and scripts
RSync and FTP login (or SFTP for security)
Git can be used for backup and has security features and networking ability.
7Zip can be called from the command line to create a zip file.
In any case you will need to implement either secure FTP (SSH secured) OR a password-secured upload form. If you feel clever you might use WebDAV.
Here's what I would do:
Put a backup generator script on each website (outputting a ZIP)
Protect its access with a .htpasswd file
On the backupserver, make a cron script download all the backups and store them