We are writing a Windows service that needs to spit out a CSV that a third-party application will then use to push up to a SaaS system. The third-party tool and HTTPS stream to the SaaS tool are using TLS 1.2 and look good.
My concern is the CSV at rest during the time the CSV (unencrypted data) is at rest.
One of our developers mentioned using C# File.Encrypt to encrypt the file by the service account running the last (Task Scheduler) and the same account would kick off the third-party tool on a scheduled time and it would be decrypted.
As the title suggests, how secure is this or easy to crack? There will be PII information, so I want to make sure what we choose makes sense.
*UPDATE* To provide some extra context, we are trying to use a SalesForce CRM tool called DataLoader. This is a batch import tool into SalesForce. The vendor we are working with wants us to trigger the executable based on a Windows Task Scheduler. The scheduler would require us to have a file that they consume because DataLoader inherently does not support push, only pull from a local file. TRUST ME if I could.. a database it would be :). I'm not a fan of the solution and would rather go an API route into SalesForce, but I'm a bit limited at the moment.
Your developer is technically correct; if this is a potential vulnerability then abandon it. If you want more control of the actual encryption then here are some options:
Encrypt a file using File.Encrypt and then Decrypt it to memory stream
Use a database.
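
The File.Encrypt approach discussed above, as an added example that is not code from the question or the answer. File.Encrypt uses Windows EFS, so the file is readable as plaintext by any process running as the account that encrypted it. The class name, method names, file path and sample rows are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Text;

static class EfsCsvExport   // hypothetical helper, not part of any library
{
    // Flags the file for EFS while it is still empty, so the PII rows
    // are never written to disk unencrypted.
    public static void WriteEncrypted(string path, string csv)
    {
        using (File.Create(path)) { }

        // Throws NotSupportedException on non-NTFS volumes and
        // IOException if the file cannot be encrypted.
        File.Encrypt(path);

        // Fail closed: do not write PII unless the EFS attribute is set.
        if ((File.GetAttributes(path) & FileAttributes.Encrypted) == 0)
            throw new IOException("EFS attribute not set; refusing to write PII.");

        File.WriteAllText(path, csv, Encoding.UTF8);
    }

    // Reading as the same account decrypts transparently; the plaintext
    // exists only in this in-memory buffer.
    public static MemoryStream ReadToMemory(string path)
    {
        return new MemoryStream(File.ReadAllBytes(path), writable: false);
    }

    static void Main()
    {
        // Constructed sample path and data.
        string path = Path.Combine(Path.GetTempPath(), "export-sample.csv");
        try
        {
            WriteEncrypted(path, "id,name\n1,Constructed Sample\n");
            using (MemoryStream ms = ReadToMemory(path))
            {
                Console.WriteLine("Encrypted: {0}, bytes read: {1}",
                    (File.GetAttributes(path) & FileAttributes.Encrypted) != 0,
                    ms.Length);
            }
        }
        finally
        {
            File.Delete(path);
        }
    }
}
```

Because decryption is tied to the account, a tool launched by the same scheduled-task account reads the CSV without any extra step, and so does anything else that can run as that account.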