Encrypting individual properties in Pega Platform
Pega Platform™ provides encryption of sensitive data while the data is at rest. You select the data that you want to encrypt, and Pega Platform encrypts the selected components. You can choose to encrypt individual properties or entire BLOB columns, based on performance considerations and data sensitivity. This article describes how to encrypt specific properties. For information on encrypting the entire BLOB, see Encrypting the storage stream.
Prior to Pega Platform 7.4, the TextEncrypted property type was used to encrypt properties. As a best practice, use a PropertyEncrypt access control policy as described below.
Defining rules in Pega Platform that use your cipher by using PropertyEncrypt access control policies
To use the PropertyEncrypt access control policy in Pega Platform, which is available beginning with Pega 7.4, do the following steps:
- If you are using Pega 8.1 or earlier, enable attribute-based access control for an instance of Pega Platform. This is enabled by default starting in Pega 8.2. For more information, see Enabling attribute-based access control.
- Create a PropertyEncrypt access control policy and list the properties that you want to encrypt. For more information, see Creating an access control policy.
The property is encrypted in the database, clipboard, logs, and search indexes. If there is no PropertyRead policy that obfuscates the property, the decrypted property value is visible to the user in a UI control. The property is automatically encrypted when a value is assigned to the property and saved to the database.
In report definitions, the property is displayed in report results and can also be referenced on the left side of filter conditions that use the Is equal and Is not equal operators. You cannot use this property elsewhere in report definitions (for example, to sort, rank, or group results, in SQL functions, and so forth).