Added in Iguana version 6.1 for Enterprise and Professional tiers only.
Using encrypted logs greatly increases data security. Iguana Professional and Enterprise tiers use encrypted logs — encryption is mandatory and cannot be disabled.
You must enable log encryption each time the Iguana Server starts. You can do this by entering (or scripting) a password or by using the Auto-Unlock option.
Tip: Using log encryption can help you to meet HIPAA compliance requirements.
Iguana generates a log encryption key that is used to encrypt the log files. This key is stored securely in an encryption locker file. By default the locker file is stored in the Iguana working directory, but this location can be changed. Each time the Iguana Server starts up the encryption locker file must be unlocked to allow Iguana to use the encryption key. The locker file can only be unlocked with a password chosen by the user.
Warning: It is critical not to forget the encryption locker password!
If the locker password is lost then you will not be able to open the locker file — which means you will lose access to all historical (encrypted) logs. There is no alternative method to recover the logs.
We recommend storing the password securely in at least two places, for example, one encrypted copy on a different physical device from the Iguana Server, and a second hard copy in a safe.
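The locker scheme described above (a generated log key kept in a file that only a user-chosen password can unlock) can be illustrated as password-based key wrapping. This is an added example, not Iguana's code: the algorithms (scrypt, AES-256-GCM), the locker layout, and all function names are assumptions, because the page does not name them.

```javascript
// Added illustration of a password-locked key file; NOT Iguana's implementation.
// Assumed algorithms: scrypt for the password, AES-256-GCM for wrapping and logs.
const crypto = typeof require === 'function'
  ? require('node:crypto')                     // CommonJS
  : process.getBuiltinModule('node:crypto');   // ES module

// Derive a 256-bit wrapping key from the locker password and a per-locker salt.
function deriveWrappingKey(password, salt) {
  return crypto.scryptSync(password, salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// AES-256-GCM encrypt; output layout is iv (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// AES-256-GCM decrypt; throws if the key is wrong or the data was modified.
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Generate the log key and store only its password-wrapped form in the locker.
function createLocker(password) {
  const salt = crypto.randomBytes(16);
  const logKey = crypto.randomBytes(32);
  const wrapped = seal(deriveWrappingKey(password, salt), logKey);
  return { logKey, locker: { salt: salt.toString('hex'), wrapped: wrapped.toString('hex') } };
}

// Unlock at startup: returns the log key, or null when the password is wrong.
function unlockLocker(locker, password) {
  const kek = deriveWrappingKey(password, Buffer.from(locker.salt, 'hex'));
  try {
    return unseal(kek, Buffer.from(locker.wrapped, 'hex'));
  } catch {
    return null; // GCM tag mismatch: wrong password or damaged locker file
  }
}

// Constructed password and log line, for demonstration only.
const { logKey, locker } = createLocker('constructed-locker-password');
const encryptedEntry = seal(logKey, Buffer.from('constructed log entry'));
console.log(unseal(unlockLocker(locker, 'constructed-locker-password'), encryptedEntry).toString());
console.log(unlockLocker(locker, 'wrong-password')); // no key, so the logs stay unreadable
```

Because the locker holds only the wrapped key, a lost password leaves no path back to the log key, which is the failure mode the warning above describes.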
These are the technical details of how we implemented the log encryption:
- The log encryption key is generated by Iguana:
- The generated key is used to encrypt the log files:
- The key is stored in an encryption locker file:
- By default the locker file is stored in the Iguana working directory:
- To use the encryption key the locker file must first be unlocked with a password chosen by the user: