Encryption Settings
Acunetix 360 On-Premises encrypts and decrypts sensitive data by using AES encryption. For encryption, Acunetix 360 uses a secret key.
Starting from the Acunetix 360 On-Premises 2.2, this secret key is randomly generated during a new installation. During the new installation, Acunetix 360 requires you to download and store your secret key, as you cannot access this key again in Acunetix 360 On-Premises. You can only regenerate the secret key.
Acunetix 360 asks you enter your secret key in the following situations:
- Deleting or resetting the application settings
- Installing a fresh copy of Acunetix 360 On-Premises while using the previous configuration
- Changing the IIS AppPool user running Acunetix 360
- An access problem to the application settings by Acunetix 360.
Information Please note that if you want to have a clean installation with the new database and settings, you do not need to provide your secret key. |
If you lose your secret key, the following data is corrupted, and you must configure these settings again:
- Account level Single Sign-On (SSO) settings
- All Integrations configuration settings
- Proxy passwords added to scan policies. See, Proxy.
- All scan Authentication related passwords
- User two-factor authentication configurations
Acunetix 360 generates a unique secret key during the installation. If you want to regenerate your secret key, you can do this in the Encryption settings.
Warning Since all data containing sensitive data in the database will be re-encrypted with a new secret key, it is strongly recommended that you do not have any active scans during the re-encryption. Please cancel or pause any active scans if you have. |
Warning Using older versions than Acunetix 360 On-Premises 2.2? While updating to Acunetix 360 On-Premises 2.2 or newer versions, the application does not ask you to enter a secret key. You can continue using the application. However, it is strongly recommended that you generate a new secret key. For further information, see Generating a new secret key in Acunetix 360. |
This topic explains how to regenerate a new secret key in Acunetix 360 On-Premises.
Encryption Settings Field
This table lists and explains the Encryption Settings fields on the Encryption Settings page.
Button/Section/Field | Description |
Last Revision | This is the last date that you take action, such as generating a key or downloading it. |
Configuration | This displays who generated the secret key. The options are the following:
|
Generate New Secret Key | This lets you generate a new secret key. |
Generating a new secret key in Acunetix 360
How to generate a new secret key in Acunetix 360
- Log in to Acunetix 360.
- From the main menu, select Settings > Encryption.
- Select Generate New Secret Key.
- From the Generate New Secret Key dialog, enter i agree to the text field. (Please note that this is case-sensitive.)
Information Before selecting the Re-encrypt button, make sure you downloaded the new secret key. |
- Select Re-encrypt.
Configuring Acunetix 360 Web Application Server to a new machine
This instruction explains how to configure Acunetix 360 Web Application Server with and without using the secret key into a new machine.
How to configure Acunetix 360 Web Application Server using the secret key
- The first step of the Installation Wizard is configuring the Database connection.
- Complete the fields to enable Acunetix 360 to build the necessary database structure and populate it with data. Select Next.
- From the Encryption window, enter your secret key.
- Complete the remainder of the fields, as described in the Configuring Acunetix 360 Web Application Server Using the Installation Wizard.
- Select Finish to complete the configuration.
How to configure Acunetix 360 Web Application Server without using the secret key
Warning If you do not enter your secret key, the following data is corrupted, and you must configure these settings again:
|
- The first step of the Installation Wizard is configuring the Database connection.
- Complete the fields, to enable Acunetix 360 to build the necessary database structure and populate it with data. Select Next.
- From the Encryption window, select the Lost the secret key? link.
- From the Reset the Secret Key window, select Reset.
Information You cannot undo this process. If you select Reset, Acunetix 360 generates a new secret key and encrypts your data with this new secret key. |
- Complete the remainder of the fields, as described in the Configuring Acunetix 360 Web Application Server Using the Installation Wizard.
- Select Finish to complete the configuration.
FAQ
Question: What if Acunetix 360 On-Premises cannot access your configuration file that includes your secret key?
- In this case, after logging in to Acunetix 360 On-Premises, it displays the Encryption step in the installation process and requires you to enter the secret key. You can enter your secret key to continue using the application.