Enable Data At Rest Encryption (DARE)
This page details how to enable data at rest encryption and a few other important features.
Last updated
This page details how to enable data at rest encryption and a few other important features.
Last updated
Cinchy 2.0 has added the feature to encrypt data at rest. This means that you can encrypt data in the database such that users with access to view data in the database will see ciphertext in those columns. All users with authorized access to the data via Cinchy will see the data as plain text. To use this feature, your database administrator will be need to create a database master key (see below for instructions).
The first step is to create a master key in the database. Do so by connecting directly whichever database your Cinchy instance is running on.
Run the below query to create your master key:
The password should adhere to your organization's password policy.
3. You can now encrypt data via the user interface (Image 1):
After you have created your master key you can create a backup file of that key in case any data corruption occurs in future.
You will need the password you used to create your master key to complete this operation.
Run the following command:
Further documentation on creating a backup master key can be found here.
In the use case where you require to restore your master key due to data corruption, you may use the following steps.
You will need the password you used to create you master key to complete this operation.
Run the following command:
Further documentation on restoring the master key can be found here.