
Applies to:

  • Winshuttle Foundation

How Winshuttle stores and uses SAP Credentials

Users can save credentials for running Winshuttle web services from a form and for autoposting data to SAP. Winshuttle Foundation (i.e. Winshuttle Central and User Governance) uses Windows domain login information to access SAP. The saved data is encrypted with 128-bit AES.

The Winshuttle Administrator can see a list of users who have saved their SAP credentials, which includes the following information:

  • User name
  • SAP system
  • Client

Diagram: How Winshuttle Central/User Governance stores and uses SAP credentials

How Winshuttle Foundation encrypts SAP credentials


Winshuttle Central / User Governance uses the AesCryptoServiceProvider class from the Windows Crypto API to encrypt and decrypt SAP credentials. This has been validated by NIST (National Institute of Standards and Technology) under the CMVP (Cryptographic Module Validation Program).

Once a user stores SAP credentials, the credentials are stored permanently in the database until deleted by the user or an administrator. Credentials are fetched from the database every time there is a requirement to form an SAP connection string.

How encrypted SAP credentials are stored in Microsoft SQL

  • Any database administrator with the required database rights and privileges can access the encrypted credentials but cannot decrypt the credentials.
  • The key to decrypt the credentials is stored within the binaries and cannot be accessed by any user with any amount of rights or privileges.
  • The keys to encrypt and decrypt are kept obfuscated within the binaries and are retained by each module of the Winshuttle ecosystem (Winshuttle Central, Studio, Server, etc.).
  • The encryption keys do not flow over the network under any circumstance.
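
The following C# example is added here for illustration and is not Winshuttle's code. It uses the AesCryptoServiceProvider class with a 128-bit key to show what a database column holds after encryption and that reading the value back requires the key. The cipher mode, per-record IV, Base64 storage format, the `Protect`/`Unprotect` names and the randomly generated key are assumptions; the page does not document them.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class CredentialCryptoDemo
{
    const int IvLen = 16; // AES block size in bytes

    static AesCryptoServiceProvider NewAes(byte[] key)
    {
        if (key == null || key.Length != 16)
            throw new ArgumentException("AES-128 needs a 16-byte key");
        // Assumed settings: CBC with PKCS7 padding (the class defaults, made explicit).
        return new AesCryptoServiceProvider
        { Key = key, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7 };
    }

    // Returns Base64(IV || ciphertext): the value a database row would store.
    static string Protect(string secret, byte[] key)
    {
        using (var aes = NewAes(key))
        {
            aes.GenerateIV(); // fresh IV per record, so equal passwords differ on disk
            byte[] iv = aes.IV;
            byte[] pt = Encoding.UTF8.GetBytes(secret);
            using (var enc = aes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(pt, 0, pt.Length);
                byte[] blob = new byte[IvLen + ct.Length];
                Buffer.BlockCopy(iv, 0, blob, 0, IvLen);
                Buffer.BlockCopy(ct, 0, blob, IvLen, ct.Length);
                return Convert.ToBase64String(blob);
            }
        }
    }

    // Reverses Protect; throws CryptographicException on a wrong key or bad padding.
    static string Unprotect(string stored, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(stored);
        if (blob.Length <= IvLen) throw new ArgumentException("stored value too short");
        byte[] iv = new byte[IvLen];
        Buffer.BlockCopy(blob, 0, iv, 0, IvLen);
        using (var aes = NewAes(key))
        {
            aes.IV = iv;
            using (var dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(
                    dec.TransformFinalBlock(blob, IvLen, blob.Length - IvLen));
        }
    }
}
```

Calling `Protect` twice on the same constructed password with the same key yields two different stored values, and `Unprotect` returns the original only when given that key. CBC as used here provides confidentiality but no integrity check on the stored value.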

Storing SAP credentials is not required

Storing credentials is not mandatory. Stored credentials are used only for autoposting data to SAP. If a user wants to run manually or to enter credentials in forms, there is no need to store credentials.