Enable Data At Rest Encryption
This page details how to enable data at rest encryption and a few other important features.
Table of Contents |
|---|
Cinchy 2.0 has added the feature to encrypt data at rest. This means that you can encrypt data in the database such that users with access to view data in the database will see ciphertext in those columns. However, all users with authorized access to the data via Cinchy will see the data as plain text.In order to use this feature, your database administrator will be need to create a database master key (see below for instructions).
- 1.The first step is to create a master key in the database. Do so by connecting directly whichever database your Cinchy instance is running on.
- 2.Run the below query to create your master key:
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password';
The password should adhere to your organization's password policy.
3. You can now encrypt data via the user interface (Image 1):
Image 1: The Encryption option is now available for column types supported via UI.
After you have created your master key you can create a backup file of that key in case any data corruption occurs in future.
You will need the password you used to create your master key in order to complete this operation.
- 1.Run the following command:
BACKUP MASTER KEY TO FILE = 'path_to_file'
ENCRYPTION BY PASSWORD = 'password'
In the use case where you require to restore your master key due to data corruption, you may use the following steps.
You will need the password you used to create you master key in order to complete this operation.
- 1.Run the following command:
RESTORE MASTER KEY FROM FILE = 'path_to_file'
DECRYPTION BY PASSWORD = 'password'
ENCRYPTION BY PASSWORD = 'password'
[ FORCE ]
Last modified 1yr ago