Storing Credentials in JAMS and Their Security

Follow

JAMS stores the password and private keys for the JAMS users encrypted in the JAMS database in the UserSecurity table.

JAMS encrypts password and private key information when it is stored in the database. The standard JAMS installation uses a predefined encryption key which is adequate for many sites. 

For additional protection, users can generate a unique encryption key but, if this option is used, you must ensure that the encryption key is properly backed up and secure.

When users generate a unique encryption key, JAMS uses an encryption algorithm to reencrypt all of the password and private key information in the database:

  • JAMS V6 uses the Rijndael encryption algorithm
  • JAMS V7 uses Advanced Encryption Standard (AES) 

The generated key is then encrypted and stored using the Windows Data Protection API (DPAPI). The protected key is associated with the user account that the JAMS Server and Scheduler services run under.

Windows Data Protection API

If users would like to generate their own keys to protect their encrypted credential information, please see this reference documentation here:

Managing Encryption Keys

Have more questions? Submit a request

Comments