MID Server configuration file security Sensitive MID Server configuration data can be protected using several different schemes, including internal and external data encryption and external data storage. The MID Server provides the following built-in security options for content in the config.xml file: Default security provider: Secures the data in the config.xml file by encryption. When the MID Server is restarted, any unencrypted data is encrypted and written to the config.xml file. The default security provider offers these encryption options: Default encryptor: Default process for encrypting data in the MID Server config.xml file. See Encrypt MID Server login credentials for details. Windows Data Protection API (DPAPI): The operating system performs the data encryption, rather than the MID Server. DPAPI encryption is based on the logged in user's account. When this scheme is used, the data can only be decrypted by the same user account. If the account changes, the data must be re-encrypted. Custom encryption: Implement the IMidServerEncrypter interface to create your own custom encryption scheme to manage sensitive config.xml data. CyberArk: Data security is provided by CyberArk's Privileged Account SecurityCyberArk's Privileged Account Security system, which moves sensitive data from the config.xml file to a secure CyberArk vault. This solution does not encrypt the data. Custom external storage: Implement the ISecuredConfigProvider interface to create your own custom external storage system to manage sensitive config.xml data. Figure 1. Secured content and encryption schemes Encrypt MID Server configuration data with DPAPIWindows Data Protection API (DPAPI) encrypts sensitive data from the config.xml file, based on the MID Server user account.Use CyberArk as a secure configuration providerYou can use a CyberArk vault to secure any sensitive data from the MID Server config.xml file.Change MID Server configuration file security schemesThe MID Server provides several schemes for securing sensitive data in the config.xml file and allows you to switch between these options to suit your security requirements.MID Server ISecuredConfigProvider interfaceUse the methods in this interface to create custom providers that manage secured parameter values in the MID Server config.xml file.MID Server IMidServerEncrypter interfaceUse the methods in this interface to create a custom external encrypter for the MID Server config.xml file.
MID Server configuration file security Sensitive MID Server configuration data can be protected using several different schemes, including internal and external data encryption and external data storage. The MID Server provides the following built-in security options for content in the config.xml file: Default security provider: Secures the data in the config.xml file by encryption. When the MID Server is restarted, any unencrypted data is encrypted and written to the config.xml file. The default security provider offers these encryption options: Default encryptor: Default process for encrypting data in the MID Server config.xml file. See Encrypt MID Server login credentials for details. Windows Data Protection API (DPAPI): The operating system performs the data encryption, rather than the MID Server. DPAPI encryption is based on the logged in user's account. When this scheme is used, the data can only be decrypted by the same user account. If the account changes, the data must be re-encrypted. Custom encryption: Implement the IMidServerEncrypter interface to create your own custom encryption scheme to manage sensitive config.xml data. CyberArk: Data security is provided by CyberArk's Privileged Account SecurityCyberArk's Privileged Account Security system, which moves sensitive data from the config.xml file to a secure CyberArk vault. This solution does not encrypt the data. Custom external storage: Implement the ISecuredConfigProvider interface to create your own custom external storage system to manage sensitive config.xml data. Figure 1. Secured content and encryption schemes Encrypt MID Server configuration data with DPAPIWindows Data Protection API (DPAPI) encrypts sensitive data from the config.xml file, based on the MID Server user account.Use CyberArk as a secure configuration providerYou can use a CyberArk vault to secure any sensitive data from the MID Server config.xml file.Change MID Server configuration file security schemesThe MID Server provides several schemes for securing sensitive data in the config.xml file and allows you to switch between these options to suit your security requirements.MID Server ISecuredConfigProvider interfaceUse the methods in this interface to create custom providers that manage secured parameter values in the MID Server config.xml file.MID Server IMidServerEncrypter interfaceUse the methods in this interface to create a custom external encrypter for the MID Server config.xml file.
