How are the Env Variable Encrypted and secured by Connect?

I'm in the process of writing a security document for one of our client, and they want some details on how Connect encrypt the environment variables?

The documentation in the admin guide is light:

User-specified environment variables for applications are encrypted on-disk and in-memory. They are decrypted only when a process is about to be started.

Is there any other place I can find more information about how these env var are encrypted and secured?



I know I've seen Posit Connect Documentation Version 2024.02.0 - Command-Line Interface

--encrypt-config-value: Read a value from the standard input and write it encrypted to the standard output. Must be used alone. Encryption uses the NaCl library, which in turn uses the Salsa20 cipher and Poly1305 MAC.

And I think it says that there's a machine key for that stored in the data folder...


In addition there is

UseFIPSEncryption #

When enabled, built-in encryption will use the AES-256-GCM algorithm approved by FIPS-140 instead of the default Salsa20/Poly1305.

Type: boolean
Default: false

So you can change the encryption method.

1 Like

Thanks @rstub. To be exact I'm not trying to change the default encryption, I'm looking for more details about how it is implemented (where are the encrypted value stored ? when exactly are they encrypted / decrypted, by which linux user, etc).

I'm looking for some documentation that I can pass to the security team for my client, in order to asses if it's secured enough for them :slight_smile:

In that case it would be best if you created a support ticket, c.f., and raise your questions there. The support team can get in in contact with the security team, which is best equipped to answer these questions.