Storage of the DB Password

The password for the database access is always stored encrypted in WinCC OA . This password can be encrypted in two ways

With the simple method (symmetric encryption). It is less safe but easier to configure or by using the recommended secure method (asymmetric encryption method), which is safer but more configuration is required.

Simple method

  • Open the NGA configuration panel -> Backend tab via the System Management panel -> Database -> Database Engineering -> Backend and select the backend from the list.
  • Under "Basic Configuration" click on the "Password" field to change the password. The database password window is opened.
  • Uncheck the check box "Asymmetric encryption".
  • Enter the passsword and save it.

Recommended Secure Method

  • Open the NGA configuration panel -> Backend tab via the System Management panel -> Database -> Database Engineering -> Backend and select the backend from the list.
  • Under "Basic Configuration" click on the "Password" field to change the password. The database password window is opened. You can generate a private key for the asymmetric encryption by using the "Generate" button (see figure below). The private key is saved in the config directory of the project when you click the "Generate" button. Copy the private key from the config directory to a secure location. A secure location would preferably be a location where only the backend has access to. The field "Private Key" must contain the full path (including the file name) of the private key.
Figure 1. Database Password for the Client Access
  • Enter the password and confirm by clicking the OK button.
CAUTION: The password changed here is the password for the client access to the database. The password of the database was changed directly via the database interface. The password here must match the password configured via the database interface - for InfluxDB see chapter DB Installation - InfluxDB®

The database will resume to normal operation by using the new password.