Encrypting Data
Last updated
Last updated
Data encryption enhances the security of an application by securing content that may be considered sensitive data. For example, when building out an application that captures a social security number, this data can be considered sensitive and would need to be encrypted. In this document, we discuss how to encrypt any data stored in Airkit's back-end.
Encrypting and decrypting data requires an encryption key. There are two options when using encryption keys within Airkit: you can either use the default keys provided by Airkit or configure your own.
Every Airkit Organization get encryption keys automatically provisioned for each datastore (Development, QA, and Production). These keys are created using AWS KMS and are provisioned with the default configuration.
If the default key configuration does not meet security requirements, a custom AWS KMS Key can be created outside of Airkit and be associated to a datastore.
To create a custom encryption key, go to console.airkit.com > Settings > Encryption Keys and select Create new.
Enter a name for the custom key and pass the Reference Key. The reference key is the Amazon Resource Name (ARN) of the KMS Key. For more on finding the ARN see documentation on AWS.
Fields in AirData can be encrypted to secure sensitive content using the encryption key associated with the datastore. To associate an encryption key to a datastore, go to Console -> Datastores. Select the Datastore -> Properties and select the encryption key.
To encrypt AirData App Object attributes, go to AirData Builder on an app and select one of the Object attributes. In the Inspector, check the Encrypt checkbox.
This will encrypt that field when the data is stored.
๐ When a field of data is encrypted, that field cannot be used to query or filter as part of an AirData Request.
