MID Server configuration file security

  • Release version: Xanadu
  • Updated May 11, 2026

    Sensitive MID Server configuration data can be protected using several different schemes, including internal and external data encryption and external data storage.

    Set-up indicator for security phase. Set-up phases: Ensure that the MID Server can connect to elements inside and outside your network; Download and install the MID Server on a Linux or Windows host; Configure your MID Server; Configure MID Server security.
    The MID Server uses one secured configuration provider at a time. You can use either the default security provider or CyberArk as the secured configuration provider. Mixed provider configurations are not supported. For example, you cannot use the default security provider together with CyberArk. The following built-in security options are available:
    • Default security provider: Secures the data in the config.xml file by encryption. When the MID Server is restarted, any unencrypted data is encrypted and written to the config.xml file. The default security provider offers these encryption options:
      • Default encryptor: Default process for encrypting data in the MID Server config.xml file. See Encrypt or decrypt MID Server configuration file values for details.
      • Windows Data Protection API (DPAPI): The operating system performs the data encryption, rather than the MID Server. DPAPI encryption is based on the logged-in user's account. When this scheme is used, the data can only be decrypted by the same user account. If the account changes, the data must be re-encrypted.
      • Custom encryption: Implement the IMidServerEncrypter interface to create your own custom encryption scheme to manage sensitive config.xml data.
    • CyberArk: Data security is provided by the CyberArk integration configuration, which moves sensitive data from the config.xml file to a secure CyberArk vault. This solution does not encrypt the data and does not use the IMidServerEncrypter interface.
    • Custom external storage: Implement the ISecuredConfigProvider interface to create your own custom external storage system to manage sensitive config.xml data.
    Figure 1. Secured content and encryption schemes
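Because the default security provider only encrypts values when the MID Server restarts, a config.xml edited since the last restart can still hold secrets in clear text. The following audit is an added example, not ServiceNow code: it assumes parameters are `<parameter name="…" value="…"/>` elements, that a `secure="true"` attribute marks a value for encryption, and that encrypted values carry an `encrypted:` prefix. The sample file and the name-based heuristic are constructed for illustration, and the prefix check applies only to the default encryptor, not to DPAPI, custom encryption, or CyberArk.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element/attribute layout and the "encrypted:" prefix
# are assumptions about config.xml; they are not shown on this page.
SAMPLE_CONFIG = """<parameters>
  <parameter name="url" value="https://example.service-now.com/"/>
  <parameter name="mid.instance.username" value="mid.user"/>
  <parameter name="mid.instance.password" secure="true" value="encrypted:Q09OU1RSVUNURUQ="/>
  <parameter name="mid.proxy.password" secure="true" value="PlainTextExample1"/>
  <parameter name="custom.api.token" value="abc123-constructed"/>
</parameters>
"""

ENCRYPTED_PREFIX = "encrypted:"  # assumed marker written by the default encryptor
SENSITIVE_HINTS = ("password", "secret", "token", "passphrase")  # heuristic only


def audit_config(xml_text):
    """Return sorted (parameter name, finding) pairs for values stored in clear text."""
    findings = []
    root = ET.fromstring(xml_text)
    for param in root.iter("parameter"):
        name = param.get("name", "")
        value = param.get("value", "")
        if not value or value.startswith(ENCRYPTED_PREFIX):
            continue  # empty or already encrypted: nothing to report
        if param.get("secure", "").lower() == "true":
            # Marked for encryption but not yet rewritten, e.g. no restart since the edit.
            findings.append((name, "plaintext-secure"))
        elif any(hint in name.lower() for hint in SENSITIVE_HINTS):
            # Name suggests a secret, yet nothing tells the MID Server to protect it.
            findings.append((name, "unmarked-sensitive"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_config(SAMPLE_CONFIG):
        print(f"{finding:20} {name}")
```

Run it against a copy of the real file after each configuration change; the report contains parameter names only, never values, so it is safe to log.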