Encryption Settings

Netsparker Enterprise On-Premises encrypts and decrypts sensitive data by using AES encryption. For the encryption, Netsparker uses a secret key.

Starting with Netsparker Enterprise On-Premises 2.2, this secret key is randomly generated during a new installation. During the installation, Netsparker Enterprise requires you to download and store your secret key, because you cannot access this key again in Netsparker Enterprise On-Premises. You can only regenerate the secret key.

Invicti asks you to enter your secret key in the following situations:

  • Deleting or resetting the application settings
  • Installing a fresh copy of Netsparker Enterprise On-Premises while using the previous configuration
  • Changing the IIS AppPool user running Netsparker Enterprise
  • Netsparker Enterprise has a problem accessing the application settings

Note that if you want a clean installation with a new database and settings, you do not need to provide your secret key.

If you lose your secret key, the following data is corrupted, and you must configure these settings again:

  • Account level Single Sign-On (SSO) settings
  • All Integrations configuration settings
  • Scan Policy proxy password
  • All scan Authentication related passwords
  • User two-factor authentication configurations

Netsparker Enterprise generates a unique secret key during the installation. If you want to regenerate your secret key, you can do this in the Encryption settings.

Because all sensitive data in the database is re-encrypted with the new secret key, it is strongly recommended that you do not have any active scans during the re-encryption. Pause or cancel any active scans before you start.

Using a version older than Netsparker Enterprise On-Premises 2.2? When you update to Netsparker Enterprise On-Premises 2.2 or a newer version, the application does not ask you to enter a secret key. You can continue using the application.

However, it is strongly recommended that you generate a new secret key. For further information, see Generating a new secret key in Netsparker Enterprise.

This topic explains how to regenerate a new secret key in Netsparker Enterprise On-Premises.
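
The effect of re-encryption and of a lost key, as an added sketch in Python that is not Netsparker's code. It assumes AES-GCM with a 256-bit key and the third-party cryptography package (the page only says AES), and the field names and values are constructed. It also assumes that a value can still be written under the old key after re-encryption, which is the kind of conflict that pausing scans avoids.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumptions: AES-GCM, 256-bit key, nonce stored in front of each value.
# Field names and values below are constructed sample data.

def new_secret_key() -> bytes:
    return AESGCM.generate_key(bit_length=256)

def seal(key: bytes, plaintext: str) -> bytes:
    """Encrypt one value; the random 12-byte nonce is stored in front of it."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext.encode(), None)

def open_value(key: bytes, blob: bytes) -> str:
    """Decrypt one value; raises InvalidTag when the key is not the right one."""
    return AESGCM(key).decrypt(blob[:12], blob[12:], None).decode()

def reencrypt(store: dict, old_key: bytes, new_key: bytes) -> dict:
    """Return a copy of store under new_key. A value that does not open with
    old_key aborts the run, so the caller never gets a half-rotated store."""
    return {name: seal(new_key, open_value(old_key, blob))
            for name, blob in store.items()}

def readable_fields(store: dict, key: bytes) -> list:
    """Names of the stored values that still decrypt with key."""
    ok = []
    for name, blob in store.items():
        try:
            open_value(key, blob)
            ok.append(name)
        except InvalidTag:
            pass  # unreadable with this key: the setting must be entered again
    return sorted(ok)

if __name__ == "__main__":
    old_key, new_key = new_secret_key(), new_secret_key()
    store = {"proxy_password": seal(old_key, "constructed-proxy-pw"),
             "sso_settings": seal(old_key, "constructed-sso-config")}
    rotated = reencrypt(store, old_key, new_key)
    # A value written with the old key after the re-encryption ran.
    rotated["scan_auth_password"] = seal(old_key, "constructed-late-write")
    print("new key opens:", readable_fields(rotated, new_key))
    print("old key opens:", readable_fields(rotated, old_key))
    print("lost key opens:", readable_fields(store, new_secret_key()))
```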

Encryption Settings Field

This table lists and explains the Encryption Settings fields on the Encryption Settings page.

| Button/Section/Field | Description |
|---|---|
| Last Revision | This is the date on which you last took an action, such as generating a key or downloading it. |
| Configuration | This displays who generated the secret key. The options are the following: User-Customized (this is a secret key generated during the Netsparker Enterprise On-Premises installation) and System Generated (this is a built-in secret key Invicti Enterprise provided). |
| Generate New Secret Key | This lets you generate a new secret key. |

Generating a new secret key in Netsparker Enterprise

How to generate a new secret key in Netsparker Enterprise
  1. Log in to Netsparker Enterprise.
  2. From the main menu, select Settings > Encryption.
  3. Select Generate New Secret Key.
  4. In the Generate New Secret Key dialog, enter i agree in the text field. (Please note that this is case-sensitive.)
     Before selecting the Re-encrypt button, make sure you have downloaded the new secret key.
  5. Select Re-encrypt.

Configuring Netsparker Enterprise Web Application Server on a new machine

These instructions explain how to configure Netsparker Enterprise Web Application Server on a new machine, with and without using the secret key.

How to configure Netsparker Enterprise Web Application Server using the secret key
  1. The first step of the Installation Wizard is configuring the Database connection.
  2. Complete the fields to enable Invicti to build the necessary database structure and populate it with data. Select Next.
  3. From the Encryption window, enter your secret key.
  4. Complete the remainder of the fields, as described in the Configuring Netsparker Enterprise Web Application Server Using the Installation Wizard.
  5. Select Finish to complete the configuration.

How to configure Netsparker Enterprise Web Application Server without using the secret key

If you do not enter your secret key, the following data is corrupted, and you must configure these settings again:

  • Account level Single Sign-On (SSO) settings
  • All Integrations configuration settings
  • Scan Policy proxy password
  • All scan Authentication related passwords
  • User two-factor authentication configurations

  1. The first step of the Installation Wizard is configuring the Database connection.
  2. Complete the fields to enable Invicti to build the necessary database structure and populate it with data. Select Next.
  3. From the Encryption window, select the Lost the secret key? link.
  4. From the Reset the Secret Key window, select Reset.
     You cannot undo this process. If you select Reset, Netsparker Enterprise generates a new secret key and encrypts your data with this new secret key.
  5. Complete the remainder of the fields, as described in the Configuring Netsparker Enterprise Web Application Server Using the Installation Wizard.
  6. Select Finish to complete the configuration.

FAQ

Question: What if Netsparker Enterprise On-Premises cannot access your configuration file that includes your secret key?

  • In this case, after you log in, Netsparker Enterprise On-Premises displays the Encryption step of the installation process and requires you to enter the secret key. You can enter your secret key to continue using the application.