Skip to main content

Password Encryption

Passwords in connection strings are auto-detected and replaced with __ENC_PWDn__. Multiple passwords are detected and encrypted. The password is stored encrypted in a separate part of the XML. Existing passwords will not be encrypted until users click off of the tool.

Password Security

Alteryx makes no guarantee that encrypted passwords are secure.

Password encryption options are available in the Input Data tool, Output Data tool, Connect In-DB tool, and Data Stream In tool.

  • Hide: This hides the password using minimal encryption.

    • The key to decrypt the password will reside in Alteryx so there is no loss of functionality.

    • A copied tool will work on any computer for any user and they will be able to read/write any SQL.

    • Analytic Apps and Schedules will be able to use this password.

    • We do not recommend using the Hide method when sharing workflows with individuals that you would not want to have access to your credentials.

  • Encrypt for Machine: Any user or service on this machine will be able to fully use this workflow.

    • Analytic Apps and Schedules (and other services) can use this workflow on this specific machine.

    • Implemented by Windows CryptProtectData API with CRYPTPROTECT_LOCAL_MACHINE option.

  • Encrypt for User: Only a user with the same logon credential as the user who encrypted the data can decrypt the data. The encryption and decryption must also be done on the same computer. However, a user with a roaming profile can decrypt the data from another computer on the network.

    • Analytic Apps and Schedules (and other services) can NOT use this workflow on any machine.

    • Implemented by Windows CryptProtectData API.