User Guide > Best Practices > Develop Your Templates > Secure Your Integrations
Was this helpful?
Secure Your Integrations
You must always use macros and macro encryption at design time to protect sensitive data such as credentials or other personal information. Similar to other dynamic values that must be configurable at runtime, you must avoid hard-coding them into the design artifacts. For more information about encrypting macro values at design time, see Managing Macro Sets and Macros.
Integration Manager stores macro values within a database. You must enable Macro Encryption for any production installations of Integration Manager so that sensitive data cannot be viewed directly from the database. When enabled, all macro values are encrypted. It is highly recommended that you do not share encryption keys between environments.
Note:  If you are using DataConnect Platform-as-a-Service with Integration Manager hosted on Actian DataCloud, then macro encryption is always enabled.
Integration Manager authenticates all user access over HTTP or HTTPS protocols. You must enable HTTPS (TLS1.2) for any production installations of Integration Manager so that your API traffic cannot be read if intercepted.
Note:  If you are using DataConnect Platform-as-a-Service with Integration Manager hosted on Actian DataCloud, then HTTPS (TLS 1.2) is always enabled.
Other security best practices:
Only connect to external sources and targets that support and enable TLS 1.2 connections.
Perform penetration testing on any Internet based production installations of Integration Manager on a regular interval
Perform security reviews on any integration design that you plan on deploying to an Internet-based installation of Integration Manager or DataCloud.
Note:  Contact Actian Services and Solutions team for help with a security review of your integrations prior to go-live.
Last modified date: 08/10/2022