Password Encryption

Version:
Current
Last modified: June 02, 2020

Passwords in connection strings are auto detected and replaced with __ENC_PWDn__. Multiple passwords are detected and encrypted. The password is stored encrypted in a separate part of the XML. Existing passwords will not be encrypted until users click off of the tool.

Password security

Alteryx makes no guarantee that encrypted passwords are secure.

Password encryption options are available in the Input Data toolOutput Data toolConnect In-DB tool, and Data Stream In tool tools.

  • Hide: This hides the password using minimal encryption (DES).
    • The key to decrypt the password will reside in Alteryx so there is no loss of functionality.
    • A copied tool will work on any computer for any user and they will be able to read/write any SQL.
    • Analytic Apps and Schedules will be able to use this password.
    • We do not recommend using the Hide method when sharing workflows with individuals that you would not want to have access to your credentials.
  • Encrypt for Machine: Any user or service on this machine will be able to fully use this workflow.
    • Analytic Apps and Schedules (and other services) can use this workflow on this specific machine.
    • Implemented by Windows CryptProtectData API with CRYPTPROTECT_LOCAL_MACHINE option
  • Encrypt for User: The currently logged in user can use this workflow on any machine.
    •  Analytic Apps and Schedules (and other services) can NOT use this workflow on any machine.
    • Implemented by Windows CryptProtectData API
Was This Helpful?

Running into problems or issues with your Alteryx product? Visit the Alteryx Community or contact support.