Figure 36.1 Dialog Box for ENCRYPTKEY=
See Also
“AUTHLIB Procedure” in Base SAS Procedures Guide
AES Encryption and Referential Integrity Constraints
Data files with referential integrity constraints can use AES encryption. All primary key
and foreign key data files must use the same encryption key that opens all referencing
foreign key and primary key data files.
Passwords and Encryption with Generation Data Sets, Audit Trails,
Indexes, and Copies
SAS extends password protection, SAS Proprietary encryption, and AES encryption to
other files associated with the original protected file. This includes generation data sets,
indexes, audit trails, and copies. You can access protected or encrypted generation data
sets, indexes, audit trails, and copies of the original file. The same rules, syntax, and
behavior for invoking the original password protected or encrypted files apply. SAS
views cannot have generation data sets, indexes, or audit trails. For more information
about encryption, see “SAS Proprietary Encryption” on page 738 and “AES Encryption”
on page 739.
Blotting Passwords and Encryption Key Values
Check the SAS Log
You need to check the SAS log to ensure that any password value or encryption key
value is blotted out. This applies to the READ=, WRITE=, ALTER=, PW=, and
ENCRYPTKEY= options.
In most cases, placing the password=value pair on a separate line blots the value:
data &ds(
read=secret
encrypt=aes
encryptkey=evenmoreso
);
x=1;
run;
Blotting Passwords and Encryption Key Values 741
Examples of Passwords and Encryption Keys That Are Not Blotted
The following examples are password values and encryption-key values that are not
blotted in the SAS log:
• Do not use a macro variable for the libref or data set in a DATA statement:
%let ds=dataset;
data &ds(read=secret);
x=1
;
run;
The following is written to the SAS log:
111 %let ds=dataset;
112 data &ds(alter=secret);
113 x=1;
114 run;
NOTE: The data set WORK.DATASET has 1 observations and 1 variables.
NOTE: DATA statement used (Total process time):
real time 0.00 seconds
cpu time 0.00 seconds
• Using an incorrect password for a data set in certain procedures causes passwords in
the log:
proc append base=here(PW=XXXXXXX) data=more(READ=secret2);
run;
• Typing errors cause the following passwords to show in the SAS log:
proc print data=lubrary.abc(READ=secret);
run;
or
proc print data=library.abc(ERAD=secret);
run;
• If the code causes an ERROR message, the password is not blotted. For example, in
the following code the libref is misspelled causing SAS to issue the message:
"ERROR: Libref MYLUB is not assigned." and the password is not blotted.
libname mylib 'c:\';
data mylub.abc(
read=secret
);
x=1;
run;
The following output is written to the SAS log:
636 libname mylib 'c:\';
NOTE: Libref MYLIB was successfully assigned as follows:
Engine: V9
Physical Name: c:\
637 data mylub.abc(
742 Chapter 36 • File Protection
Get SAS 9.4 Language Reference, 6th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
