How Redgate Monitor protects secrets

Monitored entity credentials

Redgate Monitor uses AES GCM to encrypt and protect credentials for monitored entities. The keys used to encrypt these secrets are stored in a file located on the file system of the base monitor host. A unique 256-bit encryption key is randomly generated for each base monitor during installation.

Monitor user passwords

Redgate Monitor applies PBKDF2 hashing to passwords stored in the repository. The current version of Redgate Monitor applies a 256-bit hash, with a 128-bit randomly generated salt and uses 600,000 iterations. This configuration will be regularly reviewed by Redgate and upgraded in future releases to keep pace with current security recommendations.

Random number generation

Redgate Monitor uses the .NET Cryptographic random number generator to create cryptographically strong random values for encryption keys and salts.


Didn't find what you were looking for?