Encrypting Data

Data encryption enhances the security of an application by securing content that may be considered sensitive data. For example, when building out an application that captures a social security number, this data can be considered sensitive and would need to be encrypted. In this document, we discuss how to encrypt any data stored in Airkit's back-end.

Encryption Keys

Encrypting and decrypting data requires an encryption key. There are two options when using encryption keys within Airkit: you can either use the default keys provided by Airkit or configure your own.

Default Keys

Every Airkit Organization get encryption keys automatically provisioned for each datastore (Development, QA, and Production). These keys are created using AWS KMS and are provisioned with the default configuration.

organizing infoorganizing info

Bring your own Keys

If the default key configuration does not meet security requirements, a custom AWS KMS Key can be created outside of Airkit and be associated to a datastore.

To create a custom encryption key, go to console.airkit.com > Settings > Encryption Keys and select Create new.ย 

organizing infoorganizing info organizing infoorganizing info

Enter a name for the custom key and pass the Reference Key. The reference key is the Amazon Resource Name (ARN) of the KMS Key. For more on finding the ARN see documentation on AWS.ย 

Encrypting Fields in AirData

Fields in AirData can be encrypted to secure sensitive content using the encryption key associated with the application. To associate an encryption key to an app, open the relevant app in the Studio and select an encryption key from the dropdown menu provided in Settings -> Encryption.


To AirData App Object attributes, go to AirData Builder and select one of the Object attributes. In the Inspector, check the Encrypt checkbox.


This will encrypt that field when the data is stored.


When a field of data is encrypted, that field cannot be used to query or filter as part of an AirData Request.