Store sensitive data

  • 3 December 2020
  • 4 replies
  • 154 views

Userlevel 3
Badge +5

There are multiple connectors that require authentication either bij username-password or apikey. Since these are sensitive data I want these to be encrypted.

These values can also change between deployments, as production connections are different than in development.

Questions:

What are the options to encrypt these data and are the advantages/disadvantages of these methods?

What is preferred method with Thinkwise?


4 replies

Userlevel 7
Badge +23

Hi Roy,

Introduced in the 2021.1 version is the Application connector. This connector can be used instead of a database connector and does not require username and password. In the Documentation I linked you can find more info about it. The application ID or Alias will then dictate on which database the SQL query will be executed.

Kind regards,
Mark Jongeling

Userlevel 3
Badge +5

Hi Mark,
The connectors I was referring to were the HTTP connector and the SMTP connector (and there may be more), not the application connector.

Hope you also have an alternative for these connectors as well.

PS I have no experience yet with the database and/or application connectors. Maybe worth looking into.

Kind regards,

Roy

Userlevel 2
Badge +4

Hi Mark,
I create a master key with a certificate and a sp for encrypt/decrypt, works fine for me.

https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/create-a-database-master-key?view=sql-server-ver15

https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/encrypt-a-column-of-data?view=sql-server-ver15

Userlevel 3
Badge +5

Hi Eurban,

I hope that I'm missing some point. If so, please enlighten me.

Since you have to supply the password to the connector you are now probably doing this with a process variable. In a previous step this process variable is calculated through this stored procedure that produces the required password.

If so, isn't this moving the problem from the model to the database?

And, unfortunately you are still able to get the original password in two ways. First by calling the stored procedure and the other by debugging the Thinkwise process flow and seeing its value.

I hope that I'm wrong.

Reply