SSIS: Unable to access sensitive parameter in script task using GetSensitiveValue() in DontSaveSensitive mode

c# sql-server ssis

Running SQL Server 2014. I am following the instructions on the following web-link:

https://www.hansmichiels.com/2016/11/19/using-sensitive-parameters-ssis-series/

Basically, I don't think what has been posted on this site is correct. The author contends that a package can be set to 'DontSaveSensitive' while being able to access to parameters that are set to sensitive. Whenever I try this, I get a blank value in the GetSensitiveValue() function and the package just runs continuously. Just for grins, I deployed the package to the server and set the sensitive environment variables, but the package continued to run continuously.

The package runs successfully when it is set to 'EncryptSensitiveWithUserKey'.

TL,DR

Is it possible to access parameter values in a C# script task where the package is set to 'DontSaveSensitive' or do I have to 'EncryptSensitiveWithUserKey'?

Update: All three variables below are selected as read-only but return blank during debug. Note: the parameter values are populated with data.

    public void Main()
    {
        // Variable declaration(s).
        string strSftpUserName = (string)Dts.Variables["$Package::SftpUserName"].GetSensitiveValue();
        string strSftpPassword = (string)Dts.Variables["$Package::SftpPassword"].GetSensitiveValue();
        string strSshHostKeyFingerprint = (string)Dts.Variables["$Package::SftpSshHostKeyFingerprint"].GetSensitiveValue();

        // Setup session options.
        SessionOptions sessionOptions = new SessionOptions
        {
            // Set session options here.
        };

        try
        {
            using (Session session = new Session())
            {                   
                // Do something here.
            }

            Dts.TaskResult = (int)ScriptResults.Success;
        }
        catch (Exception ex)
        {                
            // Print results to SSIS log.
            Dts.Events.FireError(0, strTaskName, ex.Message, null, 0);

            // Something went wrong, report a failure.
            Dts.TaskResult = (int)ScriptResults.Failure;
        }
    }

Solution 1:

I figured it out. The short story is that the parameter must be set to sensitive, the parameter value must be retrieved with GetSensitiveValue(), and both the package and project have to be encrypted via the ProtectionLevel. I chose to EncryptWithUserKey. Next is to create sensitive environment variables that are then mapped to the package parameters. Final point (which I was missing), the package has to be compiled under the proxy account that is used to run the package.

https://docs.microsoft.com/en-us/sql/integration-services/security/access-control-for-sensitive-data-in-packages?view=sql-server-2017

Related

What's causing the tuple and get error in the django?
Refused to apply style because its MIME type ('application/json') is not a supported
Add labels to grouped seaborn barplot from DIFFERENT COLUMN
ReactJS typescript error Parameter props implicitly has 'any' type
What is v-if in react
Visualization of calendar events. Algorithm to layout events with maximum width
Is it better to avoid using the mod operator when possible?
Is it bad practice to use the same variable name in multiple for-loops?
Asynchronous exception handling in Python
How to add a class with React.js?
Is ini_set('max_execution_time', 0) a bad idea?
iPhone App Development on Ubuntu [duplicate]