Only drawback of using the DataProtectionConfigurationProvider provider, is that it uses the DPAPI (Data Protection API) which has a Machine Key based secret key used for encryption / decryption, which means that you cannot encrypt the string on your local machine, then upload the file onto the server. The encryption will have to be done on the server itself.

But to just encrypt a bunch of conn strings / config settings to prevent the casual user from having a snoop, this works great! :)