We are having an internal discussion on how SW NCM is able to be compliant. A scenario came up and I need to know how SolarWinds handles it...
NCM has login credentials so it can go and grab the configurations periodically. These credentials, I am assuming, are stored in its database somewhere in an encrypted fashion. The question arises, what does it use to encrypt the device credentials?
At some point, there is a cleartext password that is the "master" password that, recursively, can unencrypt everything. How is this "master" password stored safely? Is it in a place where only the SolarWinds process can have access to it (like a flatfile)? Is it in some registry key (which can't be encrypted because SolarWinds couldn't read it)? Or how is this done??
How does it protect that "master" password from prying eyes... It's not like a human types in a master password at every configuration backup job runtime...