Page History
Profiles
For each ODBC, Database or Extensible Source Connection RED maintains an in-memory credential set including the username, password, and connection string for each connection. This in-memory credential set is what we term the ‘Profile’ for authentication during the session of RED.
The in-memory profile is session based and therefore the credentials are specific to the user logged on during that session. The connection string itself is however stored in the metadata so that each RED user still uses the same authentication method as other users while in the RED UI.
Saving Profiles to Disk
Profiles can be saved to disk so that users need not enter usernames and passwords into each of their connections whenever they log in to RED.
To save a Profile including session passwords, right click on the Connections node in the objects tree and select 'Save Profile'
...
Select a name to save the file as and choose to Include Session Passwords. To ensure that all credentials are stored then make
sure to open each connection and set the session credentials prior to saving the Profile.
Info | ||
---|---|---|
| ||
Session passwords are encrypted at rest (on the file in disk) during the save using Windows DPAPI (user-based) encryption. These profile files will therefore only ever be able to be used and decrypted by the Windows user who saved them. |
Creating your own RED Profile
...
Code Block | ||||
---|---|---|---|---|
| ||||
Add-Type -AssemblyName System.Security $myPass = "myp@ssw0rd!" # Convert the pwd string to a byte array. $bytes = [System.Text.Encoding]::Unicode.GetBytes($myPass) # Encrypt the byte array. $encryptedBytes = [System.Security.Cryptography.ProtectedData]::Protect( $bytes, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser) # This is the equivalent form stored in the Profile files for RED $encryptedProfilePassword=[System.Convert]::ToBase64String($encryptedBytes) Write-Output $encryptedProfilePassword |
If for some reason you need to decrypt the profile file passwords in a script the below method shows how to do this. Note that only the same Windows User that encrypted the password in the first place will be able to decrypt it.
...