When deploying a project and its CONFIG file to production, the user selects the “Encrypt Files” option, which successfully encrypts the CONFIG file. However, the CAR files generated by Centerprise do not appear to be encrypted and contain the contents of the CONFIG file used during CAR file creation.
The presence of unencrypted CONFIG files within CAR files is considered a security concern since anyone with read access to a CAR file can view the database credentials.