Capture Secure User Data
Introduction
Secure Stringsย provide a way to capture sensitive information from the user. This might be the individual's password or maybe their Social Security Number. As this kind of information is very sensitive, it requires an extra level of care.
Using the Secure String Input Web Control together with the Secure Value Retrieval Data Operation creates an end-to-end flow to safely retrieve the information and then use it with subsequent operations within your Data Flow. This security model allows you to be certain that Airkit can capture secure information about your users without storing that information long term.
Security details
Data stored with the Secure String Input control cannot be accessed by the client, but via the Secure Value Retrieval Data Operation. Each user keystroke is encrypted and transmitted over the network and back to our secure store, where the data is separated from the rest of the user's data. The time this data is stored is configurable but up toย a maximum duration of 7 days, so itโs important that you process or use this data in a timely fashion. After that allotted time, we scrub the data from our systems entirely.
Securely capturing data using the Secure String Input Web Control
Click on theย '+'ย icon next to your Web Page to add the Secure String Input Web Control.
Then, go to General to configure the masking options of the control. In Right Icon, select password-visibility. By adding a password-visibility to either the left or right icon, you can now hide the input as the user is typing. This provides an additional layer of security to mask the users keystrokes as they are typing.
Retrieving the secure data
Once your data is safely secured, you can extract it using a Data Operation. Go to Connections Builder and create a new Data Flow. In Start, add aย secure_value_key
ย input of type Text. Then add theย Secure Value Retrieval Data Operation and in Secure Key, enter theย ย secure_value_key
ย ย variable.
The output variable can be used in subsequent operations or it can be returned to the main application. If you return the secure value from the Data Operation, the value will no longer be secure.
Hooking the Data Operation
This Data Operation can be invoked anywhere an action can. A typical approach would be to call it as part of a Buttonโsย Clickedย Event.
To start, lets look at the data that comes out of the Input control:
{
"secure_string_input": "SecureStringInput-000000-0000-00-0000-00000000",
}
So, back to your Web Page, add a 'Submit' Button and go to Actions. Add the Run Data Flow action and select the recently created one. Theย secure_string_inputย will be the input, thus allowing you to retrieve the data for the specified key.
Updated over 1 year ago