Encrypted/hidden variables?

Camunda 7 Topics Discussion & Questions
1

Hi,

I was wondering if there was any way (or future roadmap support) to encrypt or hide certain variables. For example, in a User task one might enter a password in a form field, that then gets stored as a variable. I would want a way to not expose certain variables from being exposed in the Cockpit, or via REST calls. I’m not sure how this would exactly work (perhaps some sort of encryption as variables of certain types get stored in the DB? Has anyone thought of approaches to this yet, or have any recommendations?

The use case is basically that only the User completing the user task should be able to see/know what the value is. The value would be transient, and used to access other services, then discarded…

Thanks,
Galen

1 Like
2

Hi Galen,

This thread may be of interest…

As an aside I used this javascript library to decrypt variables in a client form as required. Hence they are obfuscated if you look at the variables in cockpit etc. I used key based encryption where the key was either the process ID or the business key. Whilst this keeps prying eyes off the data, its really just obfuscation as the key was a process variable and thus not really secure…

I support your feature request, encrypted process variables as part of the core engine would be a nice feature at times…

regards

Rob

2 Likes