Preserving Sensitive Properties in SSIS Packages

19 December 2022
KingswaySoft Team

While working with SSIS packages, there are certain default behaviors and settings, which are there to make sure that sensitive properties are protected so that they are not saved or exposed as plain text. And by sensitive properties, it would mean any property that is sensitive in nature, such as "Password", "Client Secret", "API Key", etc. Usually, in the connection/component UI within development tools like Visual Studio or SSDT, they would be masked out. In an SSIS package, the following are defined as sensitive:

  • The password, secret, or such parts of a connection string. 

  • The task-generated XML nodes that are tagged as sensitive. The tagging of XML nodes is controlled by Integration Services and cannot be changed by users.

  • Any variable that is marked as sensitive. 

Whether Integration Services considers a property sensitive depends on whether the developer of the Integration Services component, such as a connection manager or task, has designated the property as sensitive. However, while deploying them onto an integration server, if these are not handled properly, it could result in unexpected errors, such as bad requests, unauthorized errors, etc. Therefore, having some steps and validations to have these translated successfully would ensure that the package runs flawlessly on the server as a part of an SSIS job. In this blog post, we will be discussing a few such mechanisms.

Protection Levels

In order to preserve such sensitive properties, you can set protection levels at the project and package levels. Furthermore, you can encrypt those sensitive fields with a password or a user key. There are various protection levels from which you can select the appropriate one. To do so,  right-click on the project name and then open Properties.

Select Project Properties.png

Properties window.png

Here you can see the types available in the drop-down list.

Protection levels types.png

Out of these, the following two are the most commonly used options with regard to preserving sensitive properties:

  1. EncryptSensitiveWithPassword
  2. EncryptSensitiveWithUserKey

While using EncryptSensitiveWithUserKey, the option utilizes a user key based on the current user (who has created or last saved the package) to encrypt the values of the package's sensitive properties. Once done, then, only the same user who is using the same account profile can load the package on the same computer. If a different user tries to open the package, the sensitive information is removed and the current user must provide new values for the sensitive data. Note that this is the default option of an SSIS package after being created. Now, when you deploy the package from SSDT to an integration services catalog on your integration server, the package would only work properly if it's by the same user on the same computer. However, if the package encrypted by the User Key is imported to the SSIS catalog by an external wizard, which could be by using an .ispac file, then it would need to be the same user running the package (as a proxy user). Or if it's the service account, then the User Key needs to be handled accordingly.

Similarly, but slightly different from the above, is the EncryptSensitiveWithPassword protection level. It uses a password to encrypt the values of sensitive properties in the package. Sensitive data is saved as a part of the package, but that data is encrypted by using a password supplied when the package is created or exported.

EncryptSensitiveWithPassword.png

Now, as with all Protection Levels, this needs to be in Sync in both Project and the associated packages. Therefore, once the protection level is set at project level, you could set the same in the package by opening the package Properties window in the control flow view.

Package level protection level settings.png

To open the package in SSIS Designer, which is saved with the EncryptSensitiveWithPassword option, the user must provide the package password. If the password is not provided, the package opens without the sensitive data and the current user must provide new values for sensitive data. If the user tries to execute the package without providing the password, package execution will fail. And once deployed, the package password would need to be provided in the configuration tab when it pops up, unless it's deployed from within SSDT since a password would have already decrypted the packages.

Connection Parameterization

Along with Protection Levels, when you parameterize the Connection Managers, it is important to make sure that the sensitive properties are not missing in your deployment process. The recommended approach to parameterize connections is by using the ConnectionString property. For this, right-click on a connection manager, and open the properties panel, in which you can find the "ConnectionString" property.

ConnectionString.png

In the ConnectionString, however, you will notice that the sensitive properties are missing. For instance, if you had filled up a password in the connection manager UI, it wouldn't be visible in the ConnectionString. The reason is that sensitive properties, as defined initially, are not actually saved as plain text in the ConnectionString for security reasons. For runtime use, you could however add those sensitive fields to the ConnectionString property. The format would be Password=myPassword; (make sure you have a semicolon as the last character), or ClientSecret=myclientSecret; etc., and can be placed anywhere in the ConnectionString. 

Now, once again, this leads to them being in pain text, and in order to avoid that, you could assign these values to sensitive parameters, and assign those parameters in place of these text values. In SSIS, it allows a parameter to be sensitive and to be assigned to the property, as long as the property is sensitive as well.

Sensitive properties.png

Parameterization.png

Find out more details on how to assign them in an SSIS job in our blog post below:

Conclusion

We hope that this blog post has given you some insight on how to work with sensitive properties to avoid runtime issues in SSIS. It's worth mentioning again that when a project's protection level changes, it's important to change those of the associated packages as well to avoid any SSIS validation errors.

Archive

December 2024 1 November 2024 3 October 2024 1 September 2024 1 August 2024 2 July 2024 1 June 2024 1 May 2024 1 April 2024 2 March 2024 2 February 2024 2 January 2024 2 December 2023 1 November 2023 1 October 2023 2 August 2023 1 July 2023 2 June 2023 1 May 2023 2 April 2023 1 March 2023 1 February 2023 1 January 2023 2 December 2022 1 November 2022 2 October 2022 2 September 2022 2 August 2022 2 July 2022 3 June 2022 2 May 2022 2 April 2022 3 March 2022 2 February 2022 1 January 2022 2 December 2021 1 October 2021 1 September 2021 2 August 2021 2 July 2021 2 June 2021 1 May 2021 1 April 2021 2 March 2021 2 February 2021 2 January 2021 2 December 2020 2 November 2020 4 October 2020 1 September 2020 3 August 2020 2 July 2020 1 June 2020 2 May 2020 1 April 2020 1 March 2020 1 February 2020 1 January 2020 1 December 2019 1 November 2019 1 October 2019 1 May 2019 1 February 2019 1 December 2018 2 November 2018 1 October 2018 4 September 2018 1 August 2018 1 July 2018 1 June 2018 3 April 2018 3 March 2018 3 February 2018 3 January 2018 2 December 2017 1 April 2017 1 March 2017 7 December 2016 1 November 2016 2 October 2016 1 September 2016 4 August 2016 1 June 2016 1 May 2016 3 April 2016 1 August 2015 1 April 2015 10 August 2014 1 July 2014 1 June 2014 2 May 2014 2 February 2014 1 January 2014 2 October 2013 1 September 2013 2 August 2013 2 June 2013 5 May 2013 2 March 2013 1 February 2013 1 January 2013 1 December 2012 2 November 2012 2 September 2012 2 July 2012 1 May 2012 3 April 2012 2 March 2012 2 January 2012 1

Tags