How to encrypt variables in the process

In the company, we use your “Camunda” solution. I have a question. Do you know how to encrypt variables in the process? It’s all about sensitive data

See Process Variable Encryption (scripting)

2 Likes

I’d probably create a wrapper classe around the DelegateExecution class, and defined there some methods for transparently encrypting/decrypting variables. The API would still be exe.getVariable(…) and exec.setVariable(…). Wht’s get passed into would not be just the var name but rather an object describing the variable, i.e. its name and whether it should be encrypted.

If you have access to modify the engine then it is better to encrypt using a FieldSerializer which is what serializes and deserializes from the variable tables in the DB. You can then store references to which certs or secret store locations were used. The field serializer can then be registered through engine config.

Hi,

Similar to @StephenOTT 's post, Ive successfully used a plain vanilla java SealedObject with keys managed by an AWS KMS service. Hence very easy to setup using the AWS SDK and very reliable and secure. The AWS KMS service also gives you key management, rotation, archive etc…

regards

Rob

1 Like