I store my web application connection strings into the web.config file to prevent hardcoding them into the application, enabling them to be easily changed (and not having to redeploy a production application with a new database string). In addition to this, I have begun encrypting the database connection string in the web config, then decrypting it in the code. This allows me to keep my database access credentials hidden from prying eyes (i.e. network admins who have access to the webserver, or to anyone else who may compromise the server in any way). By decrypting it, I am faced with another dilemma - the storage of my encryption key.
I do not like the idea of hardcoding my encryption key into the application, because it makes it very inflexible in the event that I need to change it (new build and deploy). Putting the encryption key into the web.config would defeat the whole purpose of encrypting the database string. I have come upon no other solutions to this, and am at a loss for a better way to handle it. I know of no other places to store an encryption key securely, where it can be modified if necessary.
What are some suggested security techniques for doing something along these lines? Is it recommended to even store the connection string in the web.config, or to use something else entirely (such as a database repository of connection strings, where a DBA can monitor, maintain and change when necessary)?
Any help that anyone can give would be greatly appreciated.
Thanks.