Dataiku password security

Options
Ankit96140
Ankit96140 Registered Posts: 9 ✭✭✭✭

Do Dataiku use AES-256 encryption to store the 3rd party passwords ? also is there any way to configure these algorithms

Also how frequently the encryption keys are rotated ?

Answers

  • TheophileT
    TheophileT Dataiker, Dataiku DSS Core Designer Posts: 6 Dataiker
    edited July 17
    Options

    You can find more information here: https://doc.dataiku.com/dss/latest/security/passwords-security.html#rd-party-system-credentials.

    Both AES-128, AES-192 and AES-256 are supported, and you can configure your key length with the dip.properties:

    dku.security.passwordsEncryption.aesKeyLength

    Keep in mind that depending on your Java version you may need to adjust your JCE policy.

    There is no mechanism to rotate the encryption key. Fundamentally, DSS needs to be able to actually send the raw password so the encryption key is stored in the DSS data directory. So if the encryption key is compromised you should assume that the attacker also had access to the encrypted 3rd party password and you should consider that those 3rd party password are also compromised.

Setup Info
    Tags
      Help me…