You definitely don’t want to be creating a new public/private key pair each time, as you would lose anything that was encrypted with any previous key pair. I also don’t think you should use RSA, as you’re not trying to communicate with third parties; you just want to encrypt/decrypt your own data, so using AES would be more suitable. Each server would just need a copy of the AES key to be able to encrypt/decrypt the same data.
You’ll want to read an overview on both asymmetric encryption like RSA, which uses a public/private key pair, and symmetric encryption like AES, which encrypts and decrypts with the same key and is both faster than RSA and suitable for encrypting large payloads. I think the Encrypted Messaging docs provide a good overview, since they use the strengths of both RSA and AES to communicate large payloads efficiently.
Basically I’d recommend using AES here since Asymmetric Key Encryption isn’t required. You can create a new AES key with:
byte[] key, iv; // CreateKeyAndIv has out byte[] parameters
AesUtils.CreateKeyAndIv(out key, out iv);
The IV acts like a password salt and can be public, so after you generate it once you can hard-code it in your code-base, for instance. You’d then use it along with your key to encrypt/decrypt your AppSettings, which you can do with:
var encryptedText = AesUtils.Encrypt(textValue, key, iv);
Which you can then decrypt with:
var textValue = AesUtils.Decrypt(encryptedText, key, iv);
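The model the answer above recommends (one AES key generated once, a copy of it on every server, AES used for all encrypt/decrypt of your own data) put together end to end, as an added example that is neither the poster's nor ServiceStack's own code. It assumes `AesUtils` lives in the `ServiceStack` namespace with the three calls shown in the answer (`CreateKeyAndIv(out byte[], out byte[])`, `Encrypt(string, byte[], byte[])` returning the ciphertext as Base64 text, and `Decrypt(string, byte[], byte[])` accepting that Base64 text), and that `CreateKeyAndIv` yields a 256-bit key. The class name `AppSettingsCrypto`, its method names and the sample connection string are all constructed for the example. It stores a fresh random IV next to each encrypted value (as `<iv>:<ciphertext>`) rather than a fixed one, so the key is the only thing the servers need to share:

```csharp
// Added example (not from the original post or ServiceStack): one AES key shared by
// every server, with a fresh random IV per encrypted value stored next to the ciphertext.
using System;
using System.Security.Cryptography;
using ServiceStack; // assumed namespace of the AesUtils class used in the post

public static class AppSettingsCrypto
{
    // AES always uses a 128-bit block, so the IV is 16 bytes regardless of key size.
    const int IvSizeBytes = 16;
    // Assumption: AesUtils.CreateKeyAndIv produces a 256-bit (32-byte) key.
    const int KeySizeBytes = 32;

    // Run this ONCE, then copy the printed Base64 key into each server's secure config
    // (environment variable, secret store, etc.). Do not generate a new key per server or per restart.
    public static string GenerateSharedKeyBase64()
    {
        byte[] key, iv;
        AesUtils.CreateKeyAndIv(out key, out iv); // call from the post; the IV it returns is not needed here
        return Convert.ToBase64String(key);
    }

    // Every server loads the same key from its own config.
    public static byte[] LoadKey(string keyBase64)
    {
        var key = Convert.FromBase64String(keyBase64);
        if (key.Length != KeySizeBytes)
            throw new ArgumentException($"Expected a {KeySizeBytes}-byte AES key, got {key.Length} bytes.");
        return key;
    }

    // Encrypts one setting value. A new random IV is drawn per call and stored in front of
    // the ciphertext ("<iv>:<ciphertext>", both Base64), so only the key has to stay secret.
    public static string Protect(string plaintext, byte[] key)
    {
        var iv = new byte[IvSizeBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(iv);

        var cipherBase64 = AesUtils.Encrypt(plaintext, key, iv); // call from the post; Base64 text out
        return Convert.ToBase64String(iv) + ":" + cipherBase64;
    }

    // Reverses Protect: split off the IV, then decrypt with the shared key.
    public static string Unprotect(string protectedValue, byte[] key)
    {
        var sep = protectedValue.IndexOf(':');
        if (sep < 0)
            throw new FormatException("Protected value is not in '<iv>:<ciphertext>' form.");
        var iv = Convert.FromBase64String(protectedValue.Substring(0, sep));
        if (iv.Length != IvSizeBytes)
            throw new FormatException("IV has the wrong length.");
        var cipherBase64 = protectedValue.Substring(sep + 1);
        return AesUtils.Decrypt(cipherBase64, key, iv); // call from the post
    }
}

public static class Program
{
    public static void Main()
    {
        // Operator step, done once: generate the key and distribute it to every server's config.
        var sharedKeyBase64 = AppSettingsCrypto.GenerateSharedKeyBase64();

        // Server A encrypts a setting (constructed sample value) before writing it to AppSettings.
        var keyOnServerA = AppSettingsCrypto.LoadKey(sharedKeyBase64);
        var secret = "Server=db01;User=app;Password=s3cret"; // constructed sample, not a real credential
        var stored = AppSettingsCrypto.Protect(secret, keyOnServerA);
        Console.WriteLine("Stored value: " + stored);

        // Server B, holding only the same Base64 key, decrypts the value A wrote.
        var keyOnServerB = AppSettingsCrypto.LoadKey(sharedKeyBase64);
        var recovered = AppSettingsCrypto.Unprotect(stored, keyOnServerB);
        Console.WriteLine("Recovered:    " + recovered);
        Console.WriteLine("Round trip OK: " + (recovered == secret));

        // Encrypting the same plaintext twice gives different stored values, because each gets its own IV.
        var again = AppSettingsCrypto.Protect(secret, keyOnServerA);
        Console.WriteLine("Same plaintext, different ciphertext: " + (stored != again));
    }
}
```

Treat the Base64 key exactly as you would a database password: it belongs in each server's secret store or environment, not in source control, and rotating it means re-encrypting every stored value with the new key before the old one is retired.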