Question
Where do Connection Manager credentials get stored for the Nintex for Office 365 product?
Answer
For all connections, they are stored in Nintex Azure Connection Manager. The connection types and what they store are below:
The data for Connection Manager is multi-tenanted and partitioned by tenant Id. Each connection is encrypted by a different encryption key on the client side, then stored encrypted at rest, but the data at rest is also encrypted by Azure Transparent Data Encryption. Azure Key Vault stores the key used to decrypt each connection's own encryption key. The client library generates a random Initialization Vector (IV) of 16 bytes along with a random Content Encryption Key (CEK) of 32 bytes for every entity, and performs envelope encryption on the individual properties to be encrypted by deriving a new IV per property. Azure Key Vault key is used to encrypt the IV and CEK for each entity and store them as additional properties.
- Basic Authentication (the username and password)
- API key (the key)
- OAuth 2.0 (All data the IdP sends back including the access_token, retry_token, etc.)
The data for Connection Manager is multi-tenanted and partitioned by tenant Id. Each connection is encrypted by a different encryption key on the client side, then stored encrypted at rest, but the data at rest is also encrypted by Azure Transparent Data Encryption. Azure Key Vault stores the key used to decrypt each connection's own encryption key. The client library generates a random Initialization Vector (IV) of 16 bytes along with a random Content Encryption Key (CEK) of 32 bytes for every entity, and performs envelope encryption on the individual properties to be encrypted by deriving a new IV per property. Azure Key Vault key is used to encrypt the IV and CEK for each entity and store them as additional properties.
Related Links
