ProtectionLevel property. You can set the
ProtectionLevel property according to the level of protection that a package requires.
For example, in a team development environment, a package can be encrypted by using a password that is known to the team members who work on the package. You can easily set a password by using SQL Server Business Intelligence Development Studio or by using the dtutil utility (Dtutil.exe) for a single package. However, if you have to handle lots of packages, the best method is to use the dtutil utility to set the protection level of a batch of SSIS packages. You can generally put a list of individual commands for each package in a .bat file or in a .cmd file and then run the file. If the packages are stored in the same folder, you can use short commands to loop the batch of packages in that folder.
- You are deploying SSIS packages that have the default protection level.
- You have to send the packages by using a password to other team members who know the password.
for %%f IN (*.dtsx) DO dtutil.exe /File %%f /encrypt file;%%f;3;<promissory password>
- You do not have to decrypt packages that have the default protection level because the default protection level of SSIS packages is the EncryptAllWithUserKey value. The default protection level encrypts packages by using a key that is based on the user profile.
- Add the /q switch to avoid additional prompts.
- If you type this command at a command prompt, use one percent (%) symbol. If you use this command inside an MS-DOS-based batch file, use two percent (%%) symbols.
- In this command, <promissory password> is a placeholder for the password.
- This command actually performs a loop for the following command. The protection level is set as a parameter in the command. In this example, the protection level is set to 3 before the password. Use one of the protection levels that is described in the following table according to your requirements.
dtutil.exe /File %%f /encrypt file;%%f;3;<promissory password>
|0||Strip sensitive information.|
|1||Sensitive information is encrypted by using local user credentials.|
|2||Sensitive information is encrypted by using the required password.|
|3||The package is encrypted by using the required password.|
|4||The package is encrypted by using local user credentials.|
|5||The package uses SQL Server storage encryption.|
for %%f IN (*.dtsx) DO dtutil.exe /File %%f /Decrypt <promissory password> /encrypt file;%%f;3;<new password>
- Setting the protection level of packages
- Security considerations for Integration Services
- Package protection level
- dtutil utility
Article ID: 906562 - Last Review: Mar 29, 2017 - Revision: 4