> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/rdm/knowledge-base/knowledge-base-articles/security-providers-best-practices.md).

# Security providers best practices

***Security Providers*** exist to encrypt the data at rest (the information stored on the database) using a key shared on every Remote Desktop Manager instance. This way, an attacker would need to compromise the database as well as the security provider to compromise the data.

Below is a list of available ***Security types***.

* ***Default***: Does not set any security provider.
* ***Shared passphrase***: Encrypts the data using a password stored on each Remote Desktop Manager instances. The ***v3*** uses a more secure hashing algorithm than the ***v2***.
* ***Certificate***: Encrypts the data using the private key of a certificate installed on each workstation. The ***v2*** uses a more secure encryption algorithm.
* ***Keyfile***: Encrypts the data using the a key stored in a file installed on each workstation.

  <figure><img src="https://cdnweb.devolutions.net/docs/docs_en_kb_KB2247.png" alt=""><figcaption></figcaption></figure>

To ensure secure deployment of Remote Desktop Manager with SQL Server on workstations within an organization, it is recommended that an enterprise certificate be used for data encryption. This can be achieved by implementing an Active Directory configuration or using other methods such as a Mobile Device Management (MDM) software.

However, it is important to recognize that when a certificate is exposed to multiple workstations, there is an increased risk that it will be compromised by malicious actors. To mitigate this risk, we recommend using a Devolutions Server that effectively handles encryption at rest while safeguarding the encryption key from Remote Desktop Manager users.

{% hint style="info" %}
For more detailed information, please refer to [Security Model and Encryption (PDF)](https://cdn.devolutions.net/documents/legal/security/security-encryption-en.pdf).
{% endhint %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.devolutions.net/rdm/knowledge-base/knowledge-base-articles/security-providers-best-practices.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.