Encrypting Data

Data encryption enhances the security of an application by securing content that may be considered sensitive data. For example, when building out an application that captures a social security number, this data can be considered sensitive and would need to be encrypted. In this document, we discuss how to encrypt any data stored in Airkit's back-end.


Enterprise Feature

Viewing and editing encryption keys requires an ENTERPRISE license. If you would like to enable this feature for your Airkit Organization, please contact your Airkit representative or contact [email protected].

Encryption Keys

Encrypting and decrypting data requires an encryption key. There are two options when using encryption keys within Airkit: you can either use the default keys provided by Airkit or configure your own.

Default Keys

Every Airkit Organization get encryption keys automatically provisioned for each datastore (Development, QA, and Production). These keys are created using AWS KMS and are provisioned with the default configuration.

organizing info

Bring your own Keys

If the default key configuration does not meet security requirements, a custom AWS KMS Key can be created outside of Airkit and be associated to a datastore.

To create a custom encryption key, go to console.airkit.com > Settings > Encryption Keys and select Create new.Β 

organizing info organizing info

Enter a name for the custom key and pass the Reference Key. The reference key is the Amazon Resource Name (ARN) of the KMS Key. For more on finding the ARN see documentation on AWS.Β 

Encrypting Fields in AirData

Fields in AirData can be encrypted to secure sensitive content using the encryption key associated with the datastore. To associate an encryption key to a datastore, go to Console -> Datastores. Select the Datastore -> Properties and select the encryption key.

To AirData App Object attributes, go to AirData Builder and select one of the Object attributes. In the Inspector, check the Encrypt checkbox.


This will encrypt that field when the data is stored.


When a field of data is encrypted, that field cannot be used to query or filter as part of an AirData Request.