# IIS Encryption Setup If you're using IIS to host your on-premise version you may setup the variable in the IIS configuration editor as shown below or as a more secure alternative you may also use an [Azure key vault](https://azure.microsoft.com/en-us/services/key-vault/) to store your key. {% hint style="info" %} While you could also store the key in directly the web.config file we would recommend not using that approach and set the environment variables either at your host level or using the IIS configuration editor as shown below. {% endhint %} \ Open IIS administration interface and go to your site settings page. ![](/files/-MI2MsV49K6Ywqx3Zds5) From within the configuration editor select the environmentVariables option ![](/files/-MI2ODkfXyjPLj76fAiD) From there you can enter the key that will be used for encryption / decryption. ![](/files/-MI2LoUJpJ8k3uUaNFok) ## 🔐 IIS / Azure key vault To use an Azure key vault to host and store your ngSurvey settings and keys you may set following environment variables on your server. * **KeyVault:Name** is the name of your Key vault * **AzureAd:ClientId** is the client id to access your Key vault * **AzureAd:ClientSecret** is the client secret to access your key vault --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ngsurvey.com/data-encryption/encryption-setup/transparent-encryption/iis-encryption-setup.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.