When I presented on Power BI at Cleveland, I wrote up a blog post with all the questions I didn’t have an immediate answer to. I presented last week at Cincinatti and wanted to do the same thing.
This time there were some more difficult questions so I’m going to have to split it up into multiple blog posts.
Are local credentials stored in the Power BI Desktop file?
With SSIS, you have to be careful to export the SSIS files without any sensitive information included. But what about Power BI? If you save the .PBIX files on OneDrive, can you be exposing yourself to a security risk?
Looking at things, it looks like credentials for data sources are stored globally, so one wouldn’t expect them to be in the .pbix files.
So, first I turned the PBIX file into a zip file and poked around. I didn’t see anything suspicious.
Next, I ran 
If we open user.zip we find a folder called Credentials, with a single encrypted file inside. I’m willing to bet this is where the passwords are being stored.
Come see me present!
If you are interested in attending a future precon, I’ll be presenting at the following locations for 2018:
One thought on “Are local credentials or passwords stored in the Power BI Desktop file?”
Comments are closed.