we have run into a problem implementing encryption for variables stored in our database. The feature we are implementing is supposed to encrypt variables that are stored to the database before writing, and decrypt variables that are read from the database before they are cached and used in Camunda.
Our current implementation uses a custom JavaObjectSerializer that takes care of encryption and decryption before/after calling the default Camunda serializer.
Unfortunately, we ran into frequent OptimisticLockingExceptions (even when simply reading task variables), and after some investigation we figured out this happened because Camunda compared the serialized (i.e. encrypted) values of variables to determine if a value has changed and needs to be updated in the database. As our encryption implementation uses different IVs for each encryption, the two values will always be different and the variable is updated with every read.
Therefore I am wondering what the recommended way would be to implement this. Is there maybe a different extension point at a lower code level where we could for example intercept database reads and writes for variables and place our encryption there? Or should we take a completely different approach?
Thanks in advance,