Encrypt Decrypt Service

Encrypt Decrypt Service provides a way to encrypt and decrypt an object using an AP-private encryption algorithm.

At the moment, only one encryption algorithm is provided: AES 128 symmetric key encryption.

It requires the following setup:

  1. A Vault entry holding the string encryption key must exist.
  2. A Configuration Service property named 'encryptionKeyVaultAlias' must exist and point to the alias of the Vault entry above. NOTE the following:
    • If the Vault entry and the property are defined at the AP level, no other AP can decode the encrypted value.
    • If the Vault entry and the property are defined at the CS level and not overridden by an AP, then every AP shares the same encryption logic and can read the results of other APs.

If any of the above is not found - EncryptDecryptService will fail at the encrypt/decrypt operation.
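
The scoping rules above, modeled as an added Java example (Java 16+) that is not the platform's own code: two APs that inherit the CS-level key can read each other's values, an AP with its own key is isolated, and a missing property or Vault entry fails at key resolution. The Scope record, resolveKey, the SHA-256 key derivation and the AES/GCM mode are assumptions for illustration; the page specifies only AES 128 and the 'encryptionKeyVaultAlias' property.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.util.*;
import static java.nio.charset.StandardCharsets.UTF_8;

public class KeyScopeDemo {
    static final String PROP = "encryptionKeyVaultAlias";
    // Hypothetical model of one configuration level (CS or AP): properties plus Vault entries.
    record Scope(Map<String, String> props, Map<String, String> vault) {}
    // AP-level values override CS-level ones; a missing property or Vault entry fails hard.
    static SecretKeySpec resolveKey(Scope ap, Scope cs) throws Exception {
        String alias = ap.props().getOrDefault(PROP, cs.props().get(PROP));
        if (alias == null) throw new IllegalStateException(PROP + " is not configured");
        String secret = ap.vault().getOrDefault(alias, cs.vault().get(alias));
        if (secret == null) throw new IllegalStateException("no Vault entry for alias " + alias);
        // Assumption: the string key is hashed and truncated to 16 bytes to form the AES-128 key.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(secret.getBytes(UTF_8));
        return new SecretKeySpec(Arrays.copyOf(digest, 16), "AES");
    }

    static byte[] encrypt(SecretKeySpec key, String plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // fresh nonce per value
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); // assumed mode, not stated on the page
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(UTF_8));
        return java.nio.ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array(); // nonce || ct+tag
    }
    static String decrypt(SecretKeySpec key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample configuration: AP A defines its own key; AP B and AP C inherit from CS.
        Scope cs = new Scope(Map.of(PROP, "shared"), Map.of("shared", "cs-wide-secret"));
        Scope apA = new Scope(Map.of(PROP, "a-key"), Map.of("a-key", "ap-a-secret"));
        Scope apB = new Scope(Map.of(), Map.of()), apC = new Scope(Map.of(), Map.of());
        byte[] fromB = encrypt(resolveKey(apB, cs), "token-123");
        System.out.println("AP C reads AP B: " + decrypt(resolveKey(apC, cs), fromB));
        byte[] fromA = encrypt(resolveKey(apA, cs), "token-456");
        try {
            decrypt(resolveKey(apB, cs), fromA);
        } catch (AEADBadTagException e) {
            System.out.println("AP B cannot read AP A: wrong key, tag check failed");
        }
    }
}
```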


Use Cases

By default, the Encrypt Decrypt Service is used to encrypt DataStore values. To request encryption, specify the 'encrypted=true' flag on an Entity column, as shown below:

@Column(value = "secretString", encrypted = true)
private String secretString;

@Column(value = "secretEntry", encrypted = true)
private Entry secretEntry;