Linqpad encrypted passwords in shared scripts best practice?

edited August 2019
My team has a common git repo where we have a linqpad portable deployment setup (subfolders for queries/plugins, a ConnectionsV2.xml, etc

It works great except for sql auth since the encrypted passwords stored in the scripts are specific to the user/machine that last updated it (per FAQ, it's using the Windows Data Protection API).

One possible but less than ideal workaround is modifying the "Additional connection string parameters" to specifically add "Password=foo", but that means the cleartext password has to be checked in.

Is there a way to prevent different people from overwriting each other's encrypted passwords? Maybe store an array and each user gets an entry that's keyed to them for DPAPI needs (hash of sid? no idea)

@nescafe posted a script in to decrypt a connections file and then we could encrypt it on a target machine, but that's still mainly targeting each user keeping their own connections file.

Even trying to .gitignore the ConnectionsV2.xml (which I'd rather avoid, it's a very useful file to have checked in and availble) seems like it wouldn't be sufficient since the passwords in the script themselves would still be present.

FWIW some of the usage scenarios include machines that clone/pull the repo and then have a scheduled task to lprun, but one-time connection setups for such scenarios would be fine if possible.



  • Deleting the ConnectionsV2.xml would indeed fix the problem, because each user would then end up with their own version in their %appdata% folder. However, I can see how that would be inconvenient in that new users wouldn't see any shared connections until they opened a query.

    LINQPad should probably store another copy of the username and password in a separate local file when the connections file is portablized.
Sign In or Register to comment.