Encryption & Cryptography

All data in Sitecore Content Hub is by default, encrypted at rest; this includes content data (files) and metadata (databases).

All Azure Storage Accounts are created with encryption enabled for both Blob Storage and File Storage (AFS). Therefore encryption is enabled by default for all file content, backups, and VM os/data disks (vhd's). Database content for both Redis and Elasticsearch is only persisted to these VM data disks and, therefore, also automatically encrypted at rest.

All data and files written into Azure Storage Accounts are encrypted by the storage service prior to persisting and decrypted prior to retrieval. Encryption and decryption are entirely transparent to the user. All data is encrypted using 256-bit AES encryption, also known as AES-256—one of the strongest block ciphers available.

Sitecore Content Hub is using Azure Managed Disks for all Cloud Environments. Azure automatically applies encryption at rest to these managed disks by using Azure Storage Service Encryption (SSE).

Encryption in Transit

All communication between the client and the web server is encrypted with the use of SSL, this includes traffic coming into and going out of the web nodes and also all communication between the application and Azure PaaS services like Storage Accounts and Cognitive Services.

E-mail encryption

By default, our system is designed to try outbound TLS v.1.1 when attempting to deliver email opportunistically; this means that if your recipient’s email server accepts an inbound TLS v.1.1 connection, we will provide the email over a TLS encrypted connection. If the server does not support TLS, we will deliver the message over the default unencrypted connection.


Cryptography refers to secure information and communication techniques derived from mathematical concepts and a set of rule-based calculations called algorithms to transform messages in ways that are hard to decipher.

Cryptographic hashing for applications

Passwords stored in the Sitecore Content Hub application are hashed using the PBKDF2 algorithm

TLS/SSL encryption

All https traffic is encrypted using TLS. From Sitecore Content Hub 3.0 onwards support for TLS 1.0 has been dropped and only TLS 1.1 and 1.2 are supported.

Do you have some feedback for us?

If you have suggestions for improving this article,