Setting the Protection Level of Packages

The following table describes the protection levels that Integration Services provides. The values in parentheses are values from the DTSProtectionLevel enumeration. These values appear in the Properties window that you use to configure the properties of the package when you work with packages in Business Intelligence Development Studio.

Protection level	Description
Do not save sensitive (DontSaveSensitive)	Suppresses the values of sensitive properties in the package when the package is saved. This protection level does not encrypt, but instead it prevents properties that are marked sensitive from being saved with the package and therefore makes the sensitive data unavailable to other users. If a different user opens the package, the sensitive information is replaced with blanks and the user must provide the sensitive information.
	When used with the dtutil utility (dtutil.exe), this protection level corresponds to the value of 0.
Encrypt all with password (EncryptAllWithPassword)	Uses a password to encrypt the whole package. The package is encrypted by using a password that the user supplies when the package is created or exported. To open the package in SSIS Designer or run the package by using the dtexec command prompt utility, the user must provide the package password. Without the password the user cannot access or run the package.
	When used with the dtutil utility, this protection level corresponds to the value of 3.
Encrypt all with user key (EncryptAllWithUserKey)	Uses a key that is based on the current user profile to encrypt the whole package. Only the user who created or exported the package can open the package in SSIS Designer or run the package by using the dtexec command prompt utility.
	When used with the dtutil utility, this protection level corresponds to the value of 4.
Encrypt sensitive with password (EncryptSensitiveWithPassword)	Uses a password to encrypt only the values of sensitive properties in the package. DPAPI is used for this encryption. Sensitive data is saved as a part of the package, but that data is encrypted by using a password that the current user supplies when the package is created or exported. To open the package in SSIS Designer, the user must provide the package password. If the password is not provided, the package opens without the sensitive data and the current user must provide new values for sensitive data. If the user tries to execute the package without providing the password, package execution fails.
	When used with the dtutil utility, this protection level corresponds to the value of 2.
Encrypt sensitive with user key (EncryptSensitiveWithUserKey)	Uses a key that is based on the current user profile to encrypt only the values of sensitive properties in the package. Only the same user who uses the same profile can load the package. If a different user opens the package, the sensitive information is replaced with blanks and the current user must provide new values for the sensitive data. If the user attempts to execute the package, package execution fails. DPAPI is used for this encryption.
	When used with the dtutil utility, this protection level corresponds to the value of 1.
Rely on server storage for encryption (ServerStorage)	Protects the whole package using SQL Server database roles. This option is supported only when a package is saved to the SQL Server msdb database. It is not supported when a package is saved to the file system from Business Intelligence Development Studio.