[摘要] One of the major points of interest in software engineering nowadays is how to ensure applic- ations  configuration files’ security.  In fact, they very often contain  confidential information  as database  connection credentials,  thereby  providing a vulnerability  point to these applications, for those files having their  information  clearly written.   Some studies  upon 2200 applications revealed that  96% of them  where vulnerable,  and  that  80% of those  vulnerable  applications contained vulnerabilities  exposed by incorrect configuration information  management. Encryp- tion  is then  used to  secure these  delicate  files.  The  difficulty then  resides in the  usage and backup of the encryption  key so as to guarantee  data  security.  To do this, current approaches are either to hide the encryption  key in the application  source code or somewhere on disk, it’s safety then being compromised; or to protect the key by bounding it to a specific user account, the application  can then operate only within this account, obligating that  user to be physically present for the  key to be available,  which is an unacceptable constraint for large systems.  In this  paper,  we propose  an  encryption  key management model solving limitations  mentioned above.  The key lies only in main memory, which is great  for its protection;  it is subjected  on a secure and flexible way (directly,  through  https  or SMS) to the  files security  module when starting.