SQL Monitor 13

How SQL Monitor protects secrets

Page last updated 12 April 2023

Monitored entity credentials

SQL Monitor uses AES GCM to encrypt and protect credentials for monitored entities. The keys used to encrypt these secrets are stored in a file located on the file system of the base monitor host. A unique 256-bit encryption key is randomly generated for each base monitor during installation.

Monitor user passwords

SQL Monitor applies PBKDF2 hashing to passwords stored in the repository. The current version of SQL Monitor applies a 256-bit hash, with a 128-bit randomly generated salt and uses 600,000 iterations. This configuration will be regularly reviewed by Redgate and upgraded in future releases to keep pace with current security recommendations.

Random number generation

SQL Monitor uses the .NET Cryptographic random number generator to create cryptographically strong random values for encryption keys and salts.

Do you have any feedback on this documentation?

Let us know at sqlmonitorfeedback@red-gate.com

Didn't find what you were looking for?

Product Articles

Tips and how-to guides for Redgate products

University

Easy to follow video courses

Community Forums

Ask, discuss, and solve questions about Redgate's tools

Events & Friends

Meet us at an event, get sponsored, and join our Friends of Redgate

Simple Talk

In-depth articles and opinion from Redgate's technical journal