Documentation
Back to Documentation

Password Management

Captain EPM employs a zero-knowledge approach to your Oracle EPM credentials and external API keys. Your passwords are never transmitted to our servers.

Local Encryption (DPAPI)

Any passwords or API keys you save within Captain EPM are encrypted using Microsoft's Data Protection API (DPAPI). This means the data is encrypted using a key tied specifically to your Windows user account on your physical machine. It cannot be decrypted by another user or if the file is copied to another machine.

No Cloud Syncing

We do not harvest, sync, or transmit your Oracle EPM credentials or your LLM API keys to any external servers. The Captain EPM licensing server only verifies your software subscription; it never receives or processes your Oracle login information.

How Authentication Works

  1. You enter your Oracle EPM Username and Password in the EPM Connect panel.
  2. Captain EPM locally encrypts the password and stores it in your Windows AppData folder.
  3. When executing a feature, Captain EPM decrypts the password in memory and sends it directly to the Oracle EPM REST API endpoints via a secure HTTPS protocol.
  4. The Oracle EPM server authenticates the request and returns the data directly to your Excel client.

Enterprise Security Standard

By leveraging Windows DPAPI and direct client-to-server HTTPS communication, Captain EPM ensures that your credentials remain entirely within your organization's perimeter. There are no middle-man servers intercepting your authentication traffic.