How SQL Monitor protects secrets

Monitored entity credentials

SQL Monitor uses AES GCM to encrypt and protect credentials for monitored entities. The keys used to encrypt these secrets are stored in a file located on the file system of the base monitor host. A unique 256-bit encryption key is randomly generated for each base monitor during installation.

Monitor user passwords

SQL Monitor applies PBKDF2 hashing to passwords stored in the repository. The current version of SQL Monitor applies a 256-bit hash, with a 128-bit randomly generated salt and uses 600,000 iterations. This configuration will be regularly reviewed by Redgate and upgraded in future releases to keep pace with current security recommendations.

Random number generation

SQL Monitor uses the .NET Cryptographic random number generator to create cryptographically strong random values for encryption keys and salts.


Do you have any feedback on this documentation?

Let us know at sqlmonitorfeedback@red-gate.com


Didn't find what you were looking for?