Report on Alteryx dataConnections collection

Question

Hi, I need to create a report on every IP address and schema our Alteryx Gallery connects to for compliance purposes. I am trying to do this by parsing the connection strings of stored data connections. However, the ConnectionString field in the dataConnections collection in the MongoDB looks to be a hex string, but running it through a hex to text converter results in garbage.

I don't know why this field is encrypted, I can see everything in it unencrypted from the UI if I edit a stored data connection.

Does anyone know how to unencrypt these ConnectionString fields?

LisaL · Answer

@mkeller @Treyson

I can't explain why the entire connection string is encrypted, but I can offer perspective on the scope of the task you've been assigned so you can manage the compliance group's expectations.  When you say that you can see everything in the UI unencrypted, that's only mostly true.  Depending on the particulars of the database credentialing, there are often encrypted passwords in  Gallery Data Connections that are not visible in clear text.  And of course, only a few people will have access to the Admin page of the gallery, so it's not as though every user can view them.  Nevertheless, this is the easiest way to see all the connection strings for all the Gallery Data Connections.

Another recommendation for you would be to look at the files on the server that represent the System data connections set up on the server instance of Designer.  You can find them in \%ProgramData%\Alteryx\Engine.

Now the disclaimer:

None of these includes every possible data connection that can be included in a workflow on gallery.  There is nothing to prevent users from specifying DSN-less connection strings which would be successful as long as the server has the appropriate driver installed.  Users can also encrypt workflows when uploading them, so even downloading every workflow might not allow direct access to every connection that gallery workflows might make.

And then there are also API calls...but that would be a separate topic.

mkeller · Answer

I am talking about all data connections of any type saved in the gallery when looking in the Mongo DB for their values

Treyson · Answer

I am going to leave a comment here to bump this. I am also curious.

When you are talking about 'saved connection strings' are you referring to gallery connections? Is the encryption only happening on Mongo connection strings?