We keep all process data in JSON. To increase the security level, the data (JSON) must be digitally signed/sealed, so that even database administrators who have access to the Camunda history tables cannot change the data (JSON) afterwards.
One option could be to use an external blockchain service (like https://guardtime.com/).
As a good result, we are looking for (or planning to develop) a Camunda plugin which could be responsible for signing every process task's data when the process task is completed.
Hi,
In my experience there may be two aspects to what you want to achieve:
1. Confidentiality - only those who need access to the data can see the data
2. Integrity - tamper evident & non-repudiation…
With regard to 1, encryption is the typical approach. This will likely apply to your process variables (and business data). I've seen two approaches to this.
If you use something like AWS RDS, then you can encrypt the database such that data at rest (e.g. backups) cannot be read without access to the encryption key. Access to the database by DBAs is audited rather than prevented.
The second approach is to perform application-layer encryption. In this case, your process tasks would encrypt and decrypt the data on each access etc. I've easily done this using client-side script in data entry forms and server-side script tasks. A credible javascript crypto library can be found here. The challenge here is managing the crypto keys. Again, a key management service like AWS KMS can be useful… In addition this thread may be of interest.
With regard to 2, some approaches I've seen are to create a tamper-evident linked list in the audit/history table. Thus for each history entry, perform a SHA256 hash of the entry's content plus the hash of the prior record and store it with the entry. More secure approaches use say an HMAC and/or an external timestamp service.
In the longer term, data encryption and a secure, tamper evident audit log would make useful feature requests…
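The hash-chained history table described above, as an added example that is not part of the original reply or of Camunda itself: each record stores its own hash over the entry content plus the previous record's hash, optionally keyed as an HMAC, and a verifier walks the chain and reports the first broken link. The entries and `DEMO_KEY` are constructed for the demo.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed demo key. In practice the HMAC key lives in a KMS-style service,
# outside the database, so a DBA cannot recompute the chain after editing a row.
DEMO_KEY = b"demo-hmac-key-do-not-use"

def canonical(entry: dict) -> bytes:
    """Serialize an entry deterministically so hashes are reproducible."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()

def link_hash(entry: dict, prev_hash: str, key: Optional[bytes] = None) -> str:
    """SHA256 of the entry content plus the prior record's hash; HMAC when keyed."""
    data = canonical(entry) + prev_hash.encode()
    if key is None:
        return hashlib.sha256(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def append_record(log: list, entry: dict, key: Optional[bytes] = None) -> dict:
    """Append an entry to the chained log; the first record links to an all-zero hash."""
    prev_hash = log[-1]["hash"] if log else "0" * 64
    record = {"entry": entry, "prev_hash": prev_hash,
              "hash": link_hash(entry, prev_hash, key)}
    log.append(record)
    return record

def verify_chain(log: list, key: Optional[bytes] = None) -> Tuple[bool, Optional[int]]:
    """Return (True, None) if every link is intact, else (False, index of first bad record)."""
    expected_prev = "0" * 64
    for i, rec in enumerate(log):
        if rec["prev_hash"] != expected_prev:
            return False, i
        if not hmac.compare_digest(rec["hash"], link_hash(rec["entry"], rec["prev_hash"], key)):
            return False, i
        expected_prev = rec["hash"]
    return True, None

def demo() -> Tuple[bool, bool, Optional[int]]:
    """Build a keyed chain, then edit a stored entry in place as a DBA with table access could."""
    log = []
    for entry in [{"task": "review", "amount": 100},
                  {"task": "approve", "amount": 100},
                  {"task": "pay", "amount": 100}]:
        append_record(log, entry, DEMO_KEY)
    ok_before, _ = verify_chain(log, DEMO_KEY)
    log[1]["entry"]["amount"] = 999          # tamper with the approved amount
    ok_after, first_bad = verify_chain(log, DEMO_KEY)
    return ok_before, ok_after, first_bad    # (True, False, 1)
```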
You can set up a third-party service that you use to get the private key or do the signing and return the SignedObject object, and store that object as a process variable.
You could sign/wrap every process variable or just do a final JSON object at the end of the process that wraps everything into a single SignedObject that represents your stored state.