How can I encrypt the data config portion here?:

<dataConfig> 
<dataSource type="JdbcDataSource"  driver="com.microsoft.sqlserver.jdbc.SQLServerDriver"  
url="jdbc:sqlserver://127.0.0.1;databaseName=emp" user="user" password="user"/> 
<document name="reviews"> 
   <entity name="COMMON" query="select id,name from users" > 
       <field column="id" name="id"/> 
       <field column="name" name="name"/>
  </entity> 
</document> 
</dataConfig>

Basically, I don't want to expose the user and password.

Alternately, if data config files cannot be encrypted (partly or completely), can I do indexing of a database using SolrJ such that I do not have to configure a data config file? That is, I pass the url and authentication parameters using SolrJ apis?

A more secure option, I would suggest is to configure a JNDI in your webserver.

How to configure a JNDI? This Page explains how to do so with Tomcat. It can be done for other popular webservers as well.

You can use the JNDI name in your data config file as follows:

< dataSource name="xyz" jndiName="jdbc/xyz" type="JdbcDataSource"/>

See: https://wiki.apache.org/solr/SolrConfigXml#System_property_substitution

You can keep them as properties in the file <solr.home>/conf/solrcore.properties and refer them in your data config. So your data-config.xml will be like:

<dataSource type="JdbcDataSource"
            driver="com.microsoft.sqlserver.jdbc.SQLServerDriver"    
            url="jdbc:sqlserver://${jdbc.host}:${jdbc.port}/${db.name}" 
            user="${jdbc.username}" 
            password="${jdbc.password}"/>

where everything in ${...} is a property in solrcore.properties like:

jdbc.host=http://127.0.0.1
jdbc.port=3306
db.name=emp
...