Admin Console Password Encryption

Beginning with v2017.3, the Admin Console password is now encrypted by default when entered into the Admin Console or when set through an API call. This is done to increase the security of credential storage by preventing plain text passwords from being saved to disk in the unencrypted version of the configuration file.

Note. If updating from an older version, existing passwords will not be encrypted automatically.

There are two ways to set an encrypted Admin Console password: Using the Admin Console or the API.

Using the Admin Console

  1. Browse to the Admin Console

  2. Navigate to General > Other Settings

  3. Enter the desired password into the Password and Confirm Password fields


  4. Click Apply or OK

To verify that the configuration contains the encrypted password, open the XML config file in a text or XML editor and locate the <password> node.


The value should be an encrypted string surrounded by brackets [ ].

Using the API

To add an encrypted password to a programmatically generated config file:

api.General.Password = api.General.EncryptPassword("mypassword");
api.SaveData(); // Save the configuration file to disk

To verify whether two passwords match:

bool IsMatch = api.General.CheckPassword("mypassword", api.General.Password);

To verify if an existing password is encrypted:

bool IsEncrypted = api.General.IsHashedPassword(api.General.Password);

Additional information

Password encryption is one-way. An encrypted password cannot be decrypted into plain text.

The encryption algorithm used is SHA-256. Passwords are salted.

Note. We still recommend that the plain text config file (e.g. WebReports.xml) is removed in favor of the encrypted config file (e.g. WebReports.xml.enc) in a production environment. See Security Checklist for more information.

Hidden Article Information

Article Author
Exago Development
created 2017-12-28 19:45:09 UTC
updated 2017-12-29 22:47:51 UTC

security, encrypt, authenticate, 17.3, 2017.3, credential, pass, username,
Have more questions? Submit a request