Data encryption enhances the security of an application by securing content that may be considered sensitive data. For example, when building out an application that captures a social security number, this data can be considered sensitive and would need to be encrypted. Whether that data is a field within an app object or a variable created in an activity (web flow, web page, chat bot, voice bot), any of that data can be encrypted in the studio. This article will cover the following:
In order to encrypt/decrypt data, this requires an encryption key. There are two options when using encryption keys within Airkit, developers can either use the default keys that get created or bring your own encryption key.
Every Airkit Organization get encryption keys automatically provisioned for each datastore (Development, QA, and Production). These keys are created using AWS KMS and are provisioned with the default configuration.
Bring your own Keys
If the default key configuration does not meet security requirements, a custom AWS KMS Key can be created outside of Airkit and be associated to a datastore.
To create a custom encryption key, go to console.airkit.com > Settings > Encryption Keys and select Create new.
Enter a name for the custom key and pass the Reference Key. The reference key is the Amazon Resource Name (ARN) of the KMS Key. To find the ARN see here.
Variables created in the studio can be encrypted to secure sensitive data. After encrypting a variable, the variable can still be read and set like normal across and application and app preview, the only difference is that when it is stored in in Airkit's databases, the variables will be encrypted.
To encrypt a variable, right click on the variable and select Encrypt.
Encrypting Fields in AirData
Fields in AirData can also be encrypted to secure sensitive content using the encryption key associated with the datastore. To associate an encryption key to a datastore, go to console.airkit.com > Datastores and select a datastore. Then select the Encryption tab and an encryption key from the dropdown list.
To encrypt fields in an AirData App Object, go to Data Builder and select one of the fields of a created App Object. Then in the Inspector check the Encrypt flag to encrypt that field.
This will encrypt that field when the data is stored.
Note: There are limitations to data that is encrypted which include not being able to search or filter on that field.