I'm in the process of trying to encrypt the appSettings portion of our Machine.configs in a web farm environment so all our applications have the resources they need available to them. Everything I've read from MS says to use RSA with an exportable machine-level key to do this.

So I took a look at the Best Practices guidance from Channel 9, and when I tried to do this, what I noticed was that it was the web.config (Windows\Microsoft.Net\version 2.0..\CONFIG\web.config) that ended up changing and not the machine.config (which is where our appSettings section currently resides), so now I am a bit confused about how to do what I want to do. What we're looking at doing is using this to encrypt connection strings and passwords to database resources.

Currently we keep all our connection strings in one place (appSettings in the machine.config). We have multiple applications that connect to more than one database and this was the easiest way to make everything available.

Here are the questions I have, and if you could help by providing some answers and examples, that would rock:

Once we have everything encrypted and we need to change passwords for the application, how do we go about doing that? Do we have to redo all the steps to encrypt everything again on both our development and production servers?

How do we add another database username/password to the appSettings section?

How would we connect to these resources in the applications we're building on our development and production servers?

Is there a better walk-through example of how to do this other than the one listed at Channel 9 or the MSDN?

Since we're primarily dealing with connection strings and the like for databases, do I need to move this to the connectionStrings portion of the machine-level web.config?