public override System.Xml.XmlNode Decrypt(System.Xml.XmlNode encryptedNode) { //note: in order to verify the protected configuration route without going via s3, use the following line //string xmlRaw = "<sampleConfig><settings sampleConfigSetting=\"Sucess. This Setting came from code.\"></settings></sampleConfig>"; //setup parameters we need to know (note: this could be extended to be further provider-based) string awsAccessKey, awsSecretKey, bucketName, objectKey; //collect parameter values XmlNode settingsNode = encryptedNode.SelectSingleNode("/EncryptedData/s3ProviderInfo"); awsAccessKey = settingsNode.Attributes["s3AccessKey"].Value; awsSecretKey = settingsNode.Attributes["s3SecretKey"].Value; bucketName = settingsNode.Attributes["s3BucketName"].Value; objectKey = settingsNode.Attributes["objectKey"].Value; //get value from s3 var service = new S3Service { AccessKeyID = awsAccessKey, SecretAccessKey = awsSecretKey, UseSsl = true, UseSubdomains = true }; string xmlRaw = service.GetObjectString(bucketName, objectKey); //cast to XmlDocument var doc = new XmlDocument(); doc.LoadXml(xmlRaw); //return node return(doc.ChildNodes[0]); }