When I presented on Power BI at Cleveland, I wrote up a blog post with all the questions I didn’t have an immediate answer to. I presented last week at Cincinatti and wanted to do the same thing.
This time there were some more difficult questions so I’m going to have to split it up into multiple blog posts.
Are local credentials stored in the Power BI Desktop file?
With SSIS, you have to be careful to export the SSIS files without any sensitive information included. But what about Power BI? If you save the .PBIX files on OneDrive, can you be exposing yourself to a security risk?
Looking at things, it looks like credentials for data sources are stored globally, so one wouldn’t expect them to be in the .pbix files.
So, first I turned the PBIX file into a zip file and poked around. I didn’t see anything suspicious.
Next, I ran Procmon against Power BI Desktop and recorded what it did when I changed the global credentials for a data source. Here we find something interesting.
If we open user.zip we find a folder called Credentials, with a single encrypted file inside. I’m willing to bet this is where the passwords are being stored.
Come see me present!
If you are interested in attending a future precon, I’ll be presenting at the following locations for 2018: