Credential storage

All sensitive data is stored in the Credential Vault using AES-256 encryption.

These credentials are encrypted by the Credential Vault service to conform to NIST SC-28 and to prevent unauthorized access or disclosure of credentials. Only encrypted credentials travel from the Control Room to the Database server and are stored in the database in an encrypted form. The data encryption key encrypts all credentials using an AES 256-bit key generated by a FIPS 140-2 Level 1 validated module to meet the NIST IA-7, SC-12, and 13 requirements for implementation of mechanisms for authentication to a cryptographic module that meets the requirements of applicable federal laws.

The data for user credentials for autologin to Bot Runners is also encrypted and securely stored in the Credential Vault with the bot credentials.