Skip to main content

Configuring In-Transit and At-Rest Data Encryption

Overview

This article covers the supported encryption options for Netwrix Change Tracker data both in transit and at rest.

Instructions

In-Transit Encryption

Change Tracker supports Transport Layer Security (TLS) protocol version 1.3 and earlier for in-transit data encryption. Disable nontarget protocol versions in your environment to ensure you use the intended TLS version.

At-Rest Encryption

MongoDB Community Edition, which is included in the Change Tracker installation wizard, does not support at-rest data encryption. This feature is available in MongoDB Enterprise only. For details, see MongoDB Encryption At-Rest.

IMPORTANT: The ASP.NET Core data protection API encrypts data such as user accounts, passwords, and network device credentials by default. Both MongoDB Community and Enterprise editions encrypt this type of data.