Secure Passwords

This information is applicable for AutoClassifier v6.0.1.0-17704 and later.

  • AutoClassifier does not encrypt passwords stored in configuration by default.

  • To secure passwords, you must configure AutoClassifier to encrypt them

Environment Variables

Password encryption requires the following environment variables to be set:

  • BAInsightSecurityEncriptionKey

    • The value of this environment variable is used as key encryption algorithm.

    • Example: RgUkXp2s5v8y/B?E(H+KbPeShVmYq3t6

  • BAInsightSecuritySaltKey

    • The value of this environment variable is used as a salt key for the encryption algorithm.

    • Note that the BAInsightSecuritySaltKey value must be at least 8 characters.

    • Example: TjWnZr4u7x!A%D*G-KaPdRgUkXp2s5v8

Note 1: If you want to change your encryption and/or salt keys later, you must manually re-enter all the configured passwords in the AutoClassifier configuration, including the Configuration Database connection string. Before re-entering the passwords, you need to recycle all of the AutoClassifier websites application pools.

Note 2: If you use other BA Insight products that also use this encryption mechanism, the same keys are used for all such products. If you don't know this information, please contact BA Insight Support Team.

Note 3: If you install AutoClassifier in a multi-server environment, you need to set up the same environment variables on all the servers running AutoClassifier.

Note: When reading the values from the environment variables, the priority is to first read the user environment variables, and if user variables are not set, the system environment variables are checked. If you want to have multiple user accounts running multiple BA Insight products that use this encryption mechanism, you can either set up the environment variables for each of the users, or set up the system environment variables. Note that the system environment variables are accessible for all users and this may not align with your security policy.

Upgrades

If you upgrade from version 6.0.1.0-17704 or earlier, you must manually re-enter all configured passwords and the Configuration database connection string.