For deployment on Windows, the new Mendix Windows Service (Service Console) 4.2 encrypts the database password. The encryption will be done by the Windows operating system and the encryption key is stored in the profile of the user account of the Windows service which runs the Mendix app.

You can download the new Mendix Windows Service 4.2 in the Support Portal or in the App Store. Please read the release notes for more information about this release.

However, for SQL Server, it might be good to use integrated authentication in stead of user name/password, so there is no need for storing database passwords.

I assume you want this due to auditing purposes?

(this answer pertains to running Mendix on Linux, btw. Windows is a different story) We had a similar question recently from a customer that didn't want database credentials stored in plaintext. We currently don't feel that encrypting the credentials actually offer any level of added support (if you encrypt the password, where will you store the key to decrypt it?). However, we do understand that our customers might not want these stored in a configuration file.

To protect your credentials, we've implemented a feature whereby you're queried for a password on start, if you haven't configured it in your configuration file. See this commit for details.

At the moment there isn't any functionality that support the encryption of the database credentials in the configuration. We are thinking about it, there are more customers that want this feature. Can you please fill a feature request in the support portal?

Hi Joel

I would like to know if there is any provision for database credential encryption for the m2ee.yaml file in linux deployment.  I appreciate your help on this.