How to encrypt variables in the process

Piotr_Balicki · April 20, 2021, 11:23am

In the company, we use your “Camunda” solution. I have a question. Do you know how to encrypt variables in the process? It’s all about sensitive data

StephenOTT · April 20, 2021, 11:55am

See Process Variable Encryption (scripting)

fml2 · April 20, 2021, 5:21pm

I’d probably create a wrapper classe around the DelegateExecution class, and defined there some methods for transparently encrypting/decrypting variables. The API would still be exe.getVariable(…) and exec.setVariable(…). Wht’s get passed into would not be just the var name but rather an object describing the variable, i.e. its name and whether it should be encrypted.

StephenOTT · April 20, 2021, 9:50pm

If you have access to modify the engine then it is better to encrypt using a FieldSerializer which is what serializes and deserializes from the variable tables in the DB. You can then store references to which certs or secret store locations were used. The field serializer can then be registered through engine config.

Webcyberrob · April 21, 2021, 5:57am

Hi,

Similar to @StephenOTT 's post, Ive successfully used a plain vanilla java SealedObject with keys managed by an AWS KMS service. Hence very easy to setup using the AWS SDK and very reliable and secure. The AWS KMS service also gives you key management, rotation, archive etc…

regards

Rob

system · January 30, 2024, 1:01pm