Understand data encryption for fields

Encryption is a method of adding a layer of security to data preventing the data from being stolen or lost. It is the process of encoding information to make it accessible only by authorized parties. Even if a potential hacker gets a hold of the data, the information stored in the cipher text is non-readable. Learn more about encryption at ManageEngine AppCreator

When you're using fields in your ManageEngine AppCreator applications to capture any sensitive, confidential, or personally identifiable information (PII), you can add another layer of protection for them by enabling the Encrypt data field property.

The ePHI stands for electronic Protected Health Information(ePHI). The ePHI means any protected health information (PHI) that is created, stored, transmitted, or received in any electronic format. The ePHI can be enabled for a field by choosing the Contains health info option in the Field properties pane in Form builder. Learn more
While granting permissions for the users in the Permissions under Application Settings, you will be able to choose whether the fields marked as ePHI should be visible or not to the users with that specific permission. Learn more

Before enabling the Encrypt data field property

• Encryption converts the data in a field to text. Therefore, to enable data encryption for a field, you will first need to remove its references from other components like lookup fields (in other forms), reports, and workflows. ManageEngine AppCreator will display a prompt containing all such references. Refer manage data encryption to learn more.
• Enabling data encryption is not supported when the no duplicate values property is enabled for that field, and vice versa
• Encrypting data requires time. We've estimated that it takes up to 30 seconds to encrypt the data in 100,000 records. However, while this happens, your users won't be able to access your app. For example, if you initiate data encryption for a field while a user is entering data in that form, they won't be able to submit the form. We recommend that you plan for this pause before you initiate data encryption for a field.

Working with fields that contain encrypted-at-rest data

Encryption converts the data in a field to text. Therefore, these fields can be searched for data using only the following operators: Is, Is Not, Is Empty, and Is Not Empty. This applies to both reports and workflows.

In reports, the fields containing encrypted data will display the original (decrypted) value by default. This can be customized as follows:

• Set the Display Value as:
  • Without mask: Displays the decrypted value. This is selected by default.
  • Show first n characters decrypted, while the rest of the data being represented by a few asterisks (*)
  • Show last n characters decrypted, while the rest of the data being represented by a few asterisks (*)
  • With mask: Mask the data by displaying five asterisks (*) instead
• Enable Show value on click (or tap): This option becomes available when the Display Value is set with a value other than Without mask

Things to know

While accessing reports, your end users can use just the Is Empty and Is Not Empty operators when the field's encryption related properties are configured as follows:

• Display values is set as With mask, and
• Show value on click is Disabled

Related topics

• Whitepaper on encryption at ManageEngine