How SkySync Stores Credentials
Credentials and their usage depends on the storage platform. Cloud platforms like Box use protocols like OAuth2, where SkySync never directly has credentials and instead uses access tokens provided during the authentication process.
Network share resources require either Windows integrated security or credentials provided by the administrator. In the case of Windows integrated security, SkySync’s access rights are determined by the identity of the SkySync Windows service. If credentials are supplied, SkySync does save them in its configuration database, encrypted per the processes outlined below:
For local SQL Ce deployments, the encryption keys are created by the software at install time via the Windows DPAPI.
If customer administrators desire to take control or provide specific encryption keys, they can do so via built in Windows DPAPI tools and support. MDSN about DPAPI
On full SQL Server installations, SkySync uses a process driven by KeyCzar. SkySync’s installer creates a random key file (in c:\programdata\portalarchitects\data\keys location by default). This file is manually copied to the same location on any additional SkySync nodes participating in the cluster. This process will be more automated in future releases of SkySync.
Using or providing a valid encryption key in the keys directory allows customer customization of what key is used by SkySync for credentials encryption and management.