
Alteryx Server Discussions

SOLVED

How are Gallery Data Connection Passwords Encrypted

DCPDamon
8 - Asteroid

Has anyone found any documentation on how credentials for data connections set up in Gallery are encrypted? I can't find anything. We're doing a security review with our IT and they are interested in technical specifics.

7 REPLIES
EricWe
Alteryx

Hi @DCPDamon

The Gallery data connection passwords are encrypted with the Windows Crypto API libraries. The actual passwords are not stored. The hashed passwords are stored in the MongoDB. Click on this link for more information: Microsoft Crypto API.

Eric

EricWe
Alteryx

Hi @DCPDamon

Here are a few more details. Data source credentials are stored in the workflow XML and are encrypted using the Microsoft Data Protection API with a 25-character salt. For more information see: Windows Data Protection

Eric

DCPDamon
8 - Asteroid

Eric, this is exactly what I was looking for!  Is this documented anywhere officially?  Or just common knowledge?  It'd be great to have an Alteryx hosted site I can link to referencing that you use this method.

EricWe
Alteryx

Hi @DCPDamon

It is information from our Support Knowledge Manager. Community is the place to look. We are always proactively adding to the Knowledge Base on Community, but if anything needed is missing, just let us know.

Eric

DCPDamon
8 - Asteroid

@EricWe, what is the support knowledge manager? I've never heard of that? How can I access it?

EricWe
Alteryx

Hi @DCPDamon

The Support Knowledge Manager is a person that manages knowledge base content for the Alteryx Support Team. The Community is the place to look for this type of information. Just post a message if you need anything. Unanswered messages are sent to the Support Team.

grossal
15 - Aurora

Hello everyone,

I know this is already marked as solved, but I wanted to jump in anyway because I don't find this answer sufficient and maybe others would like additional details too. I'd like to cite the important phrases from one of the Alteryx documents:

  • Communication between a web browser and the Gallery uses standard HTTP (via port 80). The Server also supports SSL encryption and can be configured to use HTTPS (via port 443). Passwords used when logging in to the Gallery are encrypted using BCrypt and never sent or stored in clear text.
  • Internal communication between Worker, Gallery and Controller nodes occurs over HTTP and is encrypted using RC4. Each request is encrypted using the Controller token as a shared secret, as well as including additional salt and time-based information, to help ensure a secure, time-sensitive payload.
  • Communication between the Service Layer components and the MongoDB persistence layer occurs over TCP/IP (via port 27018). For embedded MongoDB the host, username, and password are automatically generated and the password is encrypted as well.

Document: https://downloads.alteryx.com/Documentation/Alteryx%20Technical%20Overview.pdf

I couldn't find a more recent version of the document, but these have changed as far as I am aware. The only thing that might have changed is the internal communication - this might be HTTPS right now.

Best

Alex