The easiest setup (one file for each machine)
All connection strings on production machines should be encrypted this is too easy just run the command
aspnet_regiis.exe-pef connectionstrings .
in the sites web root (the dot at the end indicates the directory)
Example
C:\Inetpub\webroot> c:\Windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_regiis.exe-pef connectionstrings .
Encrypting configuration section ...
Succeeded!
The hard and probebly the recomended way for web farms
All web.config should include
<configuration>
<configProtectedData>
<providers>
<add keyContainerName="Site_Key"
useMachineContainer="false"
name="SiteKeyProvider"
type="System.Configuration.RsaProtectedConfigurationProvider,System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</providers>
</configProtectedData>
Create key container
aspnet_regiis -pc "Site_Key" -exp
Export key container
aspnet_regiis -px "Site_Key" .\Site_Key.xml
Import key on another computer
aspnet_regiis -pi "Site_Key" ".\Site_Key.xml"
Grant access to the key for a user
aspnet_regiis -pa "Site_Key" "NT Authority\Network Service"
Cryp the connections section
aspnet_regiis -pef "connectionStrings" . -prov "SiteKeyProvider"
Read more
patterns & practices -How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSAEncrypting Web.Config Values in ASP.NET 2.0 by ScottGu