Spotfire® Server and Environment Security

Data At Rest

Data at rest is data that is stored, either temporarily or permanently. Depending on where it is stored, data at rest is either encrypted with a specific algorithm or not encrypted at all.

  • Data in memory on the Spotfire Server, Spotfire Web Player or in the Spotfire Analyst clients is never encrypted.
  • Data stored in the Spotfire database is not encrypted, except for sensitive data like passwords for service accounts, which are encrypted using AES-128 by default. The encryption key length is configurable; see config-encryption. User passwords are always hashed (by default, using PBKDF2) and never encrypted.
  • Temporary files stored in the attachment manager on the Spotfire Server file system are encrypted. (One exception: the Information Services component's temporary pivot cache is not encrypted.) The default encryption algorithm is AES-128. Other possible options are AES-192 or AES-256. See config-attachment-manager (--encryption-enabled and --encryption-key) for more information.
  • Temporary files stored on the Spotfire Web Player file system are not encrypted.
  • Temporary files stored on the Spotfire Analyst file system are not encrypted.
  • The "Save my login information" option stores the user's Spotfire login in encrypted form, using Microsoft's ProtectedData API (DPAPI) with the user scope.