Encrypting the Rules Store and the Service Information Store
The Autoscaling Application Block uses Personal Information Exchange format keys (PFX, also called PKCS #12) to encrypt the service information store and the rules store in Windows Azure blob storage and in local file storage. For more information, see "Pkcs12 Protected Configuration Provider."
The encryption solution used by the Autoscaling Application Block is not recommended as a general approach for encrypting sensitive data in Windows Azure. The Autoscaling Application Block uses this solution to meet its specific security requirements. You should carefully evaluate any encryption approach that you decide to use in your own Windows Azure applications.
You can use the Protect-ScalingStore Windows PowerShell cmdlet to encrypt the store file on the local machine using a PFX certificate. To create a suitable certificate, see the topic "Creating an Encryption Certificate."
To encrypt a store file in blob storage, you must perform three steps. First, encrypt the file locally using the Protect-ScalingStore cmdlet. Second, upload the store file to Windows Azure blob storage using the Set-ScalingStore cmdlet. Third, ensure that you upload to Windows Azure the service certificate that the block needs to decrypt the store file.
You can pipe the output from the Protect-ScalingStore cmdlet to the Set-ScalingStore cmdlet in a script.
To upload your certificate to Windows Azure, you can use any of the following methods:
- Windows Azure Management Portal. You can upload the service certificate through the Management Portal. For more information, see "How to Add a New Certificate to the Certificate Store" on MSDN.
- Windows Azure PowerShell Cmdlets. You can use the Add-Certificate cmdlet to upload a service certificate. For more information, see "Windows Azure PowerShell Cmdlets" on CodePlex.
- CSUpload Command-Line Tool. You can use the CSUpload command-line tool in the Windows Azure SDK for .NET to upload a service certificate. For more information, see "How to Upload a Service Certificate by Using the CSUpload Command-Line Tool" on MSDN.
To encrypt a store file in local file storage, encrypt the file locally using the Protect-ScalingStore cmdlet.
Last built: June 7, 2012