How to handle SSIS Package Protection Level with DontSaveSensitive option

Protection Level is a SSIS Package property that is used to specify how sensitive information was stored.  You can check SSIS Package code, which is XML file, and for any attributes with Senstive="1", they would be handled by SSIS Package Protection Level configuration. For example, password would be one sensitive information.

<DTS:Password DTS:Name="Password" Sensitive="1">

The ProtectionLevel property can be selected from the following list of available options after you right click on the SSIS package and show the package properties:

• DontSaveSensitive
• EncryptSensitiveWithUserKey
• EncryptSensitiveWithPassword
• EncryptAllWithPassword
• EncryptAllWithUserKey
• ServerStorage

DontSaveSensitive means when you save your package, those sensitive information will not be saved to the package xml file. Before you set this option, the password area of OLE DB Connection Manager will be displayed with black doted hidden string. 

After you set the package with this option, the password area of OLE DB Connection Manager will be displayed with empty.

Note the default option for SSIS Protection Level would be EncryptSensitiveWIthUserKey. If you decided to change to DontSaveSensitive, you need to save your sensitive information somewhere else, otherwise, when you execute your package, following error mistake would appear:

Error: 0xC0202009 at Package, Connection manager "runeet2k8.sa": An OLE DB error has occurred. Error code: 0x80040E4D.

An OLE DB record is available.  Source: "Microsoft SQL Native Client"  Hresult: 0x80040E4D  Description: "Login failed for user 'sa'.".

This is because the password has been cleared out from the package, and thus the connection manager suffered from login failure.

You can  save your sensitive information to SSIS package configuration file.
First, you open Package Configuration in BIDS.

A package Configuration Organizer pop up window will appear.

Click on the Edit button, and the Package Configuration Wizard popup window will appear. You can specify the configuration file name, and type.

Click on the Next, then choose which properties to export. Here we choose password. Click Next button and choose Finish.

After you finished the SSIS package configuration, you need manually add your password into the configuration file.

<DTSConfiguration>

    <DTSConfigurationHeading>

        <DTSConfigurationFileInfo GeneratedBy="FAREAST\runeetv" GeneratedFromPackageName="Package" GeneratedFromPackageID="{77FB98FB-E1AF-48D9-8A43-9FD6B1790837}" GeneratedDate="22-12-2009 16:12:59"/>

    </DTSConfigurationHeading>

    <Configuration ConfiguredType="Property" Path="\Package.Connections[runeet2k8.sa].Properties[Password]" ValueType="String">

        <ConfiguredValue>Your Password</ConfiguredValue>

    </Configuration>

</DTSConfiguration>

Source: https://www.mssqltips.com/sqlservertip/2091/securing-your-ssis-packages-using-package-protection-level/
http://blogs.msdn.com/b/runeetv/archive/2009/12/22/ssis-package-using-sql-authentication-and-dontsavesensitive-as-protectionlevel.aspx