Protecting application secrets,such as database connection strings
and passwords,requires careful consideration of a number of pertinent
factors such as how sensitive the data is,who could gain access to
it,how to balance security,performance,and maintainability,and so
forth. This article explains the fundamentals of data protection and
compares a variety of techniques that can be used to protect
application settings. The author discusses what to avoid,such as
hiding keys in source code and the use of Local Security Authority. In
addition,he presents some effective solutions such as the Data
Protection API.

Safeguard Database Connection Strings and Other Sensitive Settings in Your Code

How To: Use DPAPI to Encrypt and Decrypt Data (C#/VB.NET)