Import Machines Keys – Visual Studio Team Services – Unit Tests in Build

In my previous post I talked about how to Encrypt an App.config file and export the machine keys needed to deploy the application to different machines and import them, all using our old friend aspnet_regiis.exe

This breaks my build

If you are using Visual Studio Team Services build definition package, and you run Unit Tests during the build which rely on using the encrypted credentials, they will fall over which an error similiar to this one:

System.Configuration.ConfigurationErrorsException: Failed to decrypt using provider ‘DataProtectionConfigurationProvider’. Error message from the provider: Key not valid for use in specified state.

This (as explained previously) is beause the machine keys wont be present on our Azure VM, exactly the same reason if you ran the application on a desktop that didnt have the keys imported.

The answer is……

The VSTS has a handy build step Batch Script, which allows you do run batch files as part of the build process., example here:


What I did was create an area in the repository with a directory called encrypt, and leave my install_keys.bat file there. Then the first step I run is this script, which will then install the keys from the file (keys.xml) created previously.

My build order then in VSTS looks something like this:











Yes should mean your Unit Tests can access and decrypt the sections in the app.config for the credential data.

Security Hole

The only issue with the multi-machine-to-one-RSAkey approach, is the keys.xml is left on the VSTS server. Now it is left in a private repository, but it is still somewhere. We cannot delete it, because we may need it for more machines in the future.

Apart from that, the beauty of this approach is you can deploy your application with encrypted app.config credentials to any machines, as long as the machine has had these RSA keys installed.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.