Security Settings
This page describes how to configure credential caching, key encryption, and secure credential handling in NCache. It explains how to enable credential caching to reduce authentication overhead, configure Key Encryption Keys (KEK) and Credentials Encryption Keys (CEK), and apply the same keys across all cache servers and remote clients in a cluster. These settings are used to secure data encryption keys, protect user credentials stored in configuration files, and are required for production deployments that enforce strong security controls.
Enable Credential Caching
NCache offers Credential Caching where the authenticated user's credentials are stored in the cache to avoid repeated authentications during the life of the process. This feature is disabled by default. To enable it, update the NCacheServer.EnableCredentialCaching tag to true.
<add key="NCacheServer.EnableCredentialCaching" value="false"/>
Key Encryption Key
The Key Encryption Key (KEK) is used to encrypt the Data Encryption Key (DEK), which secures the actual cache data. It must be specified as a 32-byte hexadecimal string and configured consistently across all cache servers and remote clients in a distributed environment. To add or change KEK, update the NCache Service configuration file using the following key-value pair:
<add key="NCacheServer.KeyEncryptionKey" value="[Valid AES 256 KEY]"/>
Credentials Encryption Key
The Credentials Encryption Key (CEK) is used to encrypt user credentials stored in the NCache client configuration file. It helps secure sensitive information against unauthorized access. CEK must be a 32-byte hexadecimal string, and should be configured identically across all cache servers. To add or change CEK, update the NCache Service configuration file using the following key-value pair:
<add key="NCacheServer.CredentialsEncryptionKey" value="[Valid AES 256 KEY]"/>
