Encryption Tasks

How to Increase Encryption Strength for Passwords at Rest

For passwords in configuration files, use the SAS Deployment Manager's password update utility and supply AES-encrypted passwords. See Password Updates for Service Accounts.

For passwords in the metadata, AES encryption is used by default if you have SAS/SECURE (so no configuration activity is necessary in order to maximize protection).

Note: If the metadata server's omaconfig.xml file specifies STOREPASSWORDS="SAS002", passwords in metadata are stored in SASProprietary format (even if you have SAS/SECURE). The metadata server's omaconfig.xml file is located in your equivalent of SAS/Config/Lev1/SASMeta/MetadataServer/. [cautionend]

CAUTION:: Passwords that are stored in SAS003 format become unusable and inaccessible if SAS/SECURE is unavailable.
If SAS/SECURE is installed, the default format for stored passwords is SAS003. It is important to keep your SAS/SECURE license current. If you choose to discontinue use of SAS/SECURE, you must revert all stored passwords to SAS002 format before uninstalling the software. To revert passwords, set STOREPASSWORDS="SAS002", restart the metadata server, and use SAS Management Console to re-enter passwords in any logins that need to include passwords.

Top of Page