
Sensitive Data in the Kron PAM Database


Kron PAM stores the following kinds of sensitive data, listed by module with the encryption method applied to each:

| Module | Sensitive Data | Encryption method |
|---|---|---|
| Core | Global system parameter: aioc.backup.ftp.password | AES256 |
| Core | Global system parameter: netright.jdbc.password | AES256 |
| Core | Global system parameter: hsm.keystore.load.password | AES256 |
| Core | Global system parameter: hsm.keystore.entry.password | AES256 |
| Core | Global system parameter: sc.integration.ldap.password_n, where n could be 0 or more (natural number) | AES256 |
| Core | Global system parameter: sc.device.integration.ldap.password_n, where n could be 0 or more (natural number) | AES256 |
| Core | Global system parameter: device.database.password_n, where n could be 0 or more (natural number) | AES256 |
| Core | Global system parameter: http.proxy.ssl.ca.password | AES256 |
| Core | Global system parameter: sc.aaa.freeradius.password | AES256 |
| Core | Global system parameter: mail.password for email server | AES256 |
| Core | User Accounts: local user account passwords | SHA256 |
| Core | User Accounts: external user account passwords (LDAP or Active Directory) | Not stored |
| Core | SSH Key Management: local user account SSH private key | AES256 |
| Core | SSH Key Management: local user account SSH public key | Plain |
| Core | SSH Key Management: local user group SSH private key | AES256 |
| Core | SSH Key Management: local user group SSH public key | Plain |
| Session Manager | globalPassword in Device Group parameters | AES256 |
| Session Manager | globalEnablePassword in Device Group parameters | AES256 |
| Session Manager | globalSshKey in Device Group parameters | AES256 |
| Session Manager | globalSecretKey in Device Group parameters | AES256 |
| Session Manager | Device parameter: remoteDesktop.sftp-password | AES256 |
| Session Manager | Password (or other sensitive data) typed in RDP/VNC sessions with configured key logging | Masked |
| SAPM | new.password.encryption.key | AES256 |
| SAPM | super.password | AES256 |
| SAPM | Account passwords | AES256 |
| SAPM | Account old passwords | AES256 |
| SAPM | Account secret data | AES256 |
| SAPM | Account SSH key | AES256 |
| SAPM | Account SSH key passphrase | AES256 |
| AAPM | AAPM account token | AES256 |
| AAPM | Service Account Password | AES256 |
| AAPM | “OS Account Password” for security level of “Basic + PIN + Path” and “Basic + PIN + Path + Hash” | AES256 |
| RADIUS | “Certificate Private Key Password” in Radius 802.1x Config | AES256 |
| Data Access Manager | Data Source Passwords | AES256 |
| Cloud integration | AWS API Key | Plain |
| Cloud integration | AWS Secret Key | AES256 |
| Cloud integration | Azure Client ID | Plain |
| Cloud integration | Azure Tenant ID | Plain |
| Cloud integration | Azure secret key | AES256 |
| Cloud integration | Azure Subscription ID | Plain |
| Cloud integration | Google Cloud Platform client secret | AES256 |
| MFA | 2FA Provisioning: user token | Plain |
| MFA | 2FA Provisioning: user group token | Plain |
| Controller | Instance SSH key | AES256 |
| Controller | Instance password | AES256 |