A solution manager diagnostics agent (e.g., a standalone program) may store and use configuration files stored on a file system associated with the solution manager diagnostics agent. The solution manager diagnostics agent may perform a series of tasks (e.g., monitoring, root cause analysis, data collection) on a productive system according to its configuration files, and then transmit the results, over a network, to a solution manager, which processes the results obtained by the solution manager diagnostics agent. However, the configuration files may include sensitive information such as password information. As such, the configuration files may require protection in order to prevent hackers from obtaining the sensitive information contained in the configuration files. Conventionally, the solution manger diagnostics agent may encrypt the configuration files using an encryption key provided by an administrator, and then store the encryption key on the file system. The encryption key may be valid until the administrator decides to change the encryption key (e.g., following the appropriate security policy), in which case the solution manager diagnostics agent may re-encrypt the configuration files. However, this conventional method does not provide a flexible protection mechanism, which can vary of a level of security depending on the user's requirements.