
Password encryption in Saviynt database

FabianaS
New Contributor III

Hello,

Is it possible to have answers to the following concerns about password encryption in the Saviynt database?

  • Where is the key for encrypting passwords stored?
  • Is there just one key for all passwords or different keys?
  • How is the password protected and encrypted in the SAV database?
  • What is the encryption algorithm?
  • Is there any key rotation process in place?
  • Is it possible to change the encryption key manually? Is there also an automatic rotation process?
  • Can we store the password encryption key in CyberArk?

Thank you

4 REPLIES 4

Raghu
All-Star

@FabianaS, the info below may be useful.

The passwords are stored in encrypted format using the bcrypt algorithm in the database.

1. Encryption Keys for SQLite Database:
- Typically, encryption keys for data stored in a SQLite database are managed by the application itself. Saviynt's password filter would likely generate and manage these encryption keys internally. The specific details of how these keys are managed, including whether they are stored securely or not, would be outlined in Saviynt's documentation or provided by their support team.

2. Encryption of Outbound Payloads:
- It's standard practice for sensitive data, such as passwords, to be encrypted before transmission over a network. Saviynt's password filter should employ encryption mechanisms (such as TLS/SSL) to ensure that all outbound payloads containing sensitive information are encrypted before being sent to the Saviynt Cloud instance.

3. Options for Encrypting Payloads:
- Within the Saviynt password filter application, there should be configuration options to enable encryption for outbound payloads. These options might include specifying the encryption protocol, key management, and other settings related to data security. 

4. Encryption of Inbound Payloads:
- Similarly, inbound payloads from the Saviynt Cloud instance to application endpoints (whether in the cloud or on-premise) should also be encrypted. Saviynt likely employs encryption mechanisms to ensure the security of data in transit.


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
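
Added example, not part of the thread and not Saviynt code: if stored values are bcrypt strings as the reply above states, each one carries its own version, cost factor and salt in the standard `$version$cost$salt+digest` layout, which can be checked offline. The `(user, stored_value)` row shape, the `MIN_COST` threshold and the sample values are assumptions constructed for illustration.

```python
import re

# bcrypt modular crypt format: $<version>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)
MIN_COST = 10  # assumed audit threshold, not a Saviynt setting


def parse_bcrypt(value):
    """Return the fields of a bcrypt string, or None if it is not one."""
    m = BCRYPT_RE.fullmatch(value)
    if not m:
        return None
    version, cost, salt, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:  # bcrypt only defines costs 4..31
        return None
    return {"version": version, "cost": cost, "salt": salt, "digest": digest}


def audit(rows):
    """Classify each (user, stored_value) pair exported for review."""
    findings = {}
    seen_salts = set()
    for user, stored in rows:
        parsed = parse_bcrypt(stored)
        if parsed is None:
            findings[user] = "not-bcrypt"
            continue
        if parsed["salt"] in seen_salts:
            findings[user] = "reused-salt"  # salts should be unique per value
        elif parsed["cost"] < MIN_COST:
            findings[user] = "low-cost"
        else:
            findings[user] = "ok"
        seen_salts.add(parsed["salt"])
    return findings


# Constructed sample values (filler characters, not real hashes)
SAMPLE = [
    ("alice", "$2b$12$" + "a" * 22 + "X" * 31),
    ("bob", "$2a$06$" + "b" * 22 + "Y" * 31),
    ("carol", "$2b$12$" + "a" * 22 + "Z" * 31),
    ("dave", "0123456789abcdef" * 2),
]

if __name__ == "__main__":
    for user, result in audit(SAMPLE).items():
        print(user, result)
```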

rushikeshvartak
All-Star

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

ClaudioC
New Contributor
  • How many keys are used? Just one and only to encrypt all the passwords or a unique key for each?
  • Is there a key rotation in place? OK, the key is stored in the binary, but is it always the same?
  • Assuming that the keys are in the binary file, are you going to confirm that it's not possible to change the keys manually?

Since this is a product security related question, please check with CSM to get the correct answer.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.