Skip to main content

[en] Password Encryption

[en] Passwords in connection strings are auto-detected and replaced with __ENC_PWDn__. Multiple passwords are detected and encrypted. The password is stored encrypted in a separate part of the XML. Existing passwords will not be encrypted until users click off of the tool.

[en] Password Security

[en] Alteryx makes no guarantee that encrypted passwords are secure.

[en] Password encryption options are available in the Input Data toolOutput Data toolConnect In-DB tool, and Data Stream In tool.

  • [en] Hide: This hides the password using minimal encryption.

    • [en] The key to decrypt the password will reside in Alteryx so there is no loss of functionality.

    • [en] A copied tool will work on any computer for any user and they will be able to read/write any SQL.

    • [en] Analytic Apps and Schedules will be able to use this password.

    • [en] We do not recommend using the Hide method when sharing workflows with individuals that you would not want to have access to your credentials.

  • [en] Encrypt for Machine: Any user or service on this machine will be able to fully use this workflow.

    • [en] Analytic Apps and Schedules (and other services) can use this workflow on this specific machine.

    • [en] Implemented by Windows CryptProtectData API with CRYPTPROTECT_LOCAL_MACHINE option.

  • [en] Encrypt for User: Only a user with the same logon credential as the user who encrypted the data can decrypt the data. The encryption and decryption must also be done on the same computer. However, a user with a roaming profile can decrypt the data from another computer on the network.

    • [en] Analytic Apps and Schedules (and other services) can NOT use this workflow on any machine.

    • [en] Implemented by Windows CryptProtectData API.

: