For a customer I needed to customize the way an Entity Framework 6 database-first project connects to a SQL Server database. Normally you specify the connectionstring including some metadata about the model in the app.config file. You can choose either to use Windows Authentication or SQL Authentication. If you want to use SQL Authentication you must provide the username and password. These are by default not encrypted and my customer did not like the idea that users who have access to the application can open the configuration file with for example Notepad, and can read and in a worst scenario misuse these credentials. To help secure information in configuration files there are alternatives, but all are very hard to implement and will still ask you to write custom code for Entity Framework. As often, more ways lead to Rome, but I came with the following solution. I build manually the connectionstring in the constructor of the DbContext. First I added these keys in the section of the config file. You can choose your own encryption method to encrypt one or more keys.