Capture Secure User Data

Introduction

Secure Strings provide a way to capture sensitive information from the user. This might be the individual's password or maybe their Social Security Number. As this kind of information is very sensitive, it requires an extra level of care.

Using the Secure String Input Web Control together with the Secure Value Retrieval Data Operation creates an end-to-end flow to safely retrieve the information and then use it with subsequent operations within your Data Flow. This security model allows you to be certain that Airkit can capture secure information about your users without storing that information long term.

Security details

Data stored with the Secure String Input control cannot be accessed by the client, but via the Secure Value Retrieval Data Operation. Each user keystroke is encrypted and transmitted over the network and back to our secure store, where the data is separated from the rest of the user's data. The time this data is stored is configurable but up to a maximum duration of 7 days, so it’s important that you process or use this data in a timely fashion. After that allotted time, we scrub the data from our systems entirely.

Securely capturing data using the Secure String Input Web Control

Click on the '+'  icon next to your Web Page to add the Secure String Input Web Control.

Then, go to General to configure the masking options of the control. In Right Icon, select password-visibility. By adding a password-visibility to either the left or right icon, you can now hide the input as the user is typing. This provides an additional layer of security to mask the users keystrokes as they are typing.

Retrieving the secure data

Once your data is safely secured, you can extract it using a Data Operation. Go to Connections Builder and create a new Data Flow. In Start, add a secure_value_key  input of type Text. Then add the Secure Value Retrieval Data Operation and in Secure Key, enter the  secure_value_key  variable.

The output variable can be used in subsequent operations or it can be returned to the main application. If you return the secure value from the Data Operation, the value will no longer be secure.

Hooking the Data Operation

This Data Operation can be invoked anywhere an action can. A typical approach would be to call it as part of a Button’s Clicked Event.

To start, lets look at the data that comes out of the Input control:

{
  "secure_string_input": "SecureStringInput-000000-0000-00-0000-00000000",
}

So, back to your Web Page, add a 'Submit' Button and go to Actions. Add the Run Data Flow action and select the recently created one. The secure_string_input will be the input, thus allowing you to retrieve the data for the specified key.


Did this page help you?