Encrypting the Rules Store and the Service Information Store

Retired Content

This content and the technology described is outdated and is no longer being maintained. For more information, see Transient Fault Handling.

patterns & practices Developer Center

The Autoscaling Application Block uses Personal Information Exchange format keys (PFX, also called PKCS #12) to encrypt the service information store and the rules store in Microsoft Azure blob storage and in local file storage. For more information, see "Pkcs12 Protected Configuration Provider."


The encryption solution used by the Autoscaling Application Block is not recommended as a general approach for encrypting sensitive data in Azure. The Autoscaling Application Block uses this solution to meet its specific security requirements. You should carefully evaluate any encryption approach that you decide to use in your own Azure applications.

You can use the Protect-ScalingStore Windows PowerShell Cmdlet to encrypt the store file on the local machine using a PFX certificate. To create a suitable certificate, see the topic "Creating an Encryption Certificate."

To encrypt a store file in blob storage you must perform three steps. First, encrypt the file locally using the Protect-ScalingStore cmdlet. Second, upload the store file to Azure blob storage using the Set-ScalingStore cmdlet. Third, ensure that you upload to Azure the service certificate that the block needs to decrypt the store file.


You can pipe the output from the Protect-ScalingStore cmdlet to the Set-ScalingStore cmdlet in a script.

To upload your certificate to Azure you can use any of the following methods.

To encrypt a store file in local file storage, encrypt the file locally using the Protect-ScalingStore cmdlet.

Next Topic | Previous Topic | Home

Last built: June 7, 2012