Beginning with v2017.3, the Admin Console password is now encrypted by default when entered into the Admin Console or when set through an API call. This is done to increase the security of credential storage by preventing plain text passwords from being saved to disk in the unencrypted version of the configuration file.
Caution: If updating from an older version, existing passwords will not be encrypted automatically.
There are two ways to set an encrypted Admin Console password: using the Admin Console or the API.
Using the Admin Console
- Browse to the Admin Console.
- Navigate to General > Other Settings.
- Enter the desired password into the Password and Confirm Password fields.
- Click Apply or Okay.
To verify that the configuration contains the encrypted password, open the XML config file in a text or XML editor and locate the <password> node.
The value should be an encrypted string surrounded by brackets [ ].
Using the API
To add an encrypted password to a programmatically generated config file:
api.General.Password = api.General.EncryptPassword("mypassword");
api.SaveConfigToFile(); // Save the configuration file to disk
For versions pre-2019.2:
api.General.Password = api.General.EncryptPassword("mypassword");
api.SaveData(); // Save the configuration file to disk
To verify whether two passwords match:
bool IsMatch = api.General.CheckPassword("mypassword", api.General.Password);
To verify if an existing password is encrypted:
bool IsEncrypted = api.General.IsHashedPassword(api.General.Password);
Additional information
Password encryption is one-way. An encrypted password cannot be decrypted into plain text.
The algorithm used is SHA-256, a cryptographic hash function, which is why the stored value cannot be reversed. Passwords are salted.
Important: We still recommend that the plain text config file (e.g. WebReports.xml) be removed in favor of the encrypted config file (e.g. WebReports.xml.enc) in a production environment. See Security Checklist for more information.
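The manual check described under Using the Admin Console (a bracketed <password> value) and the recommendation to remove the plain text file can be scripted, which helps after an upgrade where existing passwords are not encrypted automatically. The following is an added example, not part of the product or its documentation; the function names and the sample XML layout are constructed for illustration, and only the <password> node name, the [ ] convention and the .enc suffix come from this page.

```python
import os
import tempfile
import xml.etree.ElementTree as ET  # only parse config files you own and trust


def classify_password(value):
    """Apply the page's rule: an encrypted value is a string wrapped in [ ]."""
    text = (value or "").strip()
    if not text:
        return "empty"
    # Heuristic only: api.General.IsHashedPassword is the authoritative check.
    if len(text) > 2 and text.startswith("[") and text.endswith("]"):
        return "encrypted"
    return "plaintext"


def audit_config(path):
    """Return a list of findings for one plain text XML config file."""
    findings = []
    nodes = [el for el in ET.parse(path).getroot().iter() if el.tag == "password"]
    if not nodes:
        findings.append("no <password> node found")
    for el in nodes:
        state = classify_password(el.text)
        if state != "encrypted":
            # Report the state only; never echo the password itself.
            findings.append(f"<password> is {state}")
    if os.path.exists(path + ".enc"):
        findings.append("plain text config still present next to its .enc copy")
    return findings


def demo():
    """Audit two constructed sample configs (assumed layout) in a temp directory."""
    template = "<config><general><password>{}</password></general></config>"
    samples = {"upgraded.xml": "mypassword", "current.xml": "[CONSTRUCTED-PLACEHOLDER]"}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        open(os.path.join(tmp, "current.xml.enc"), "wb").close()
        for name, value in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(template.format(value))
            results[name] = audit_config(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or ["ok"])
```

A plain text password that itself starts with [ and ends with ] would be classified as encrypted by this bracket test, so confirm borderline cases with api.General.IsHashedPassword.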