Encryption Settings

Acunetix 360 On-Premises encrypts and decrypts sensitive data by using AES encryption. For encryption, Acunetix 360 uses a secret key.

Starting from the Acunetix 360 On-Premises 2.2, this secret key is randomly generated during a new installation. During the new installation, Acunetix 360 requires you to download and store your secret key, as you cannot access this key again in Acunetix 360 On-Premises. You can only regenerate the secret key.

Acunetix 360 asks you enter your secret key in the following situations:

  • Deleting or resetting the application settings
  • Installing a fresh copy of Acunetix 360 On-Premises while using the previous configuration
  • Changing the IIS AppPool user running Acunetix 360
  • An access problem to the application settings by Acunetix 360.

Information

Please note that if you want to have a clean installation with the new database and settings, you do not need to provide your secret key.

If you lose your secret key, the following data is corrupted, and you must configure these settings again:

  • Account level Single Sign-On (SSO) settings
  • All Integrations configuration settings
  • Proxy passwords added to scan policies. See, Proxy.
  • All scan Authentication related passwords
  • User two-factor authentication configurations

Acunetix 360 generates a unique secret key during the installation. If you want to regenerate your secret key, you can do this in the Encryption settings.

Warning

Since all data containing sensitive data in the database will be re-encrypted with a new secret key, it is strongly recommended that you do not have any active scans during the re-encryption. Please cancel or pause any active scans if you have.

Warning

Using older versions than Acunetix 360 On-Premises 2.2? While updating to Acunetix 360 On-Premises 2.2 or newer versions, the application does not ask you to enter a secret key. You can continue using the application.

However, it is strongly recommended that you generate a new secret key. For further information, see Generating a new secret key in Acunetix 360.

This topic explains how to regenerate a new secret key in Acunetix 360 On-Premises.

Encryption Settings Field

This table lists and explains the Encryption Settings fields on the Encryption Settings page.

Button/Section/Field

Description

Last Revision

This is the last date that you take action, such as generating a key or downloading it.

Configuration

This displays who generated the secret key.

The options are the following:

  • User-Customized: This is a secret key generated during the Acunetix 360 On-Premises installation.
  • System Generated: This is a built-in secret key Acunetix 360 provided.

Generate New Secret Key

This lets you generate a new secret key.

Generating a new secret key in Acunetix 360

How to generate a new secret key in Acunetix 360
  1. Log in to Acunetix 360.
  2. From the main menu, select Settings > Encryption.

  1. Select Generate New Secret Key.
  2. From the Generate New Secret Key dialog, enter i agree to the text field. (Please note that this is case-sensitive.)

Information

Before selecting the Re-encrypt button, make sure you downloaded the new secret key.


  1. Select Re-encrypt.

Configuring Acunetix 360 Web Application Server to a new machine

This instruction explains how to configure Acunetix 360 Web Application Server with and without using the secret key into a new machine.

How to configure Acunetix 360 Web Application Server using the secret key
  1. The first step of the Installation Wizard is configuring the Database connection.
  2. Complete the fields to enable Acunetix 360 to build the necessary database structure and populate it with data. Select Next.
  3. From the Encryption window, enter your secret key.
  4. Complete the remainder of the fields, as described in the Configuring Acunetix 360 Web Application Server Using the Installation Wizard.
  5. Select Finish to complete the configuration.
How to configure Acunetix 360 Web Application Server without using the secret key

Warning

If you do not enter your secret key, the following data is corrupted, and you must configure these settings again:

  • Account level Single Sign-On (SSO) settings
  • All Integrations configuration settings
  • Scan Policy proxy password
  • All scan Authentication related passwords
  • User two-factor authentication configurations

  1. The first step of the Installation Wizard is configuring the Database connection.
  2. Complete the fields, to enable Acunetix 360 to build the necessary database structure and populate it with data. Select Next.
  3. From the Encryption window, select the Lost the secret key? link.
  4. From the Reset the Secret Key window, select Reset.

Information

You cannot undo this process. If you select Reset, Acunetix 360 generates a new secret key and encrypts your data with this new secret key.

  1. Complete the remainder of the fields, as described in the Configuring Acunetix 360 Web Application Server Using the Installation Wizard.
  2. Select Finish to complete the configuration.

FAQ

Question: What if Acunetix 360 On-Premises cannot access your configuration file that includes your secret key?

  • In this case, after logging in to Acunetix 360 On-Premises, it displays the Encryption step in the installation process and requires you to enter the secret key. You can enter your secret key to continue using the application.

 

« Back to the Acunetix Support Page