Default Settings for On-Disk Encryption

On-disk encryption protects data at rest. The following table describes initial support:
On-Disk Encryption and Encoding
Content and Context
Algorithm
Configuration
Login password on disk in the metadata
AES1
Controlled by the STOREPASSWORDS option in the metadata server's omaconfig.xml file.
Internal account password on disk in the metadata
SHA-2562
Controlled by the HASHPASSWORDS option in the metadata server's omaconfig.xml file.
Password on disk in a configuration file
SASProprietary
If you have SAS/SECURE, you can upgrade to AES.
Most other metadata on disk
None
Not configurable.
SAS data sets on disk
None
To apply encryption, use the ENCRYPT= data set option.3
1If you don't have SAS/SECURE, SASProprietary is used.
2If you don't have SAS/SECURE, MD5 is used.
3The ENCRYPT= data set option uses a proprietary encryption algorithm that is not the same as the SASProprietary algorithm.
Note: Configuration files and metadata repository data sets should also be host protected.