Dynamics CRM provides two different configuration fields for plugins, the unsecure configuration and the secure configuration. The biggest difference that you’ll seen mentioned between these two settings is that the secure configuration is only viewable by CRM Administrators while the unsecure configuration is viewable by any CRM user. However, there’s another important difference: the unsecure config will automatically move between environments with your CRM solutions.
This means that even a setting that you might consider fine to let any CRM user read like the URL of a website or settings to enable more verbose trace logging in a development environment might be more appropriate in the secure configuration if you want it to be different between environments. Otherwise, you have to worry about overriding the unsecure config setting in production with the value you have in your development environment every time you import a solution containing the plugin step.
Example Uses
| Web service credentials | Secure Config |
| Website URL that differs between environments | Secure Config |
| Log settings that you don’t want to move with a CRM solution | Secure Config |
| Template string that you’d want to move with a CRM solution | Unsecure Config |
| Constants that you’d want to move with a solution like “MaxRetries” or “NumberOfDaysToFollowUp” | Unsecure Config |
Summary
Use the secure config when a setting is sensitive and shouldn’t be readable by any CRM user OR if you don’t want that setting to move between environments when importing/exporting solutions.
| Unsecure Config | Secure Config | |
| Readable by any CRM User | Yes | No |
| Moves Between Environments with Solutions | Yes | No |
| Available when Plugin is Registered for Outlook Offline Mode |
