Encrypted Fields

Self-Hosted and Self-Managed Only

Liferay 7.4 U72+/GA72+

Liferay provides the encrypted field type for storing sensitive user data. To use encrypted fields, first add an encryption algorithm and key to your portal properties. Then add an encrypted field to your object definition. Once data is encrypted, only users with the decryption key can read it.

important

Encrypted fields store string values and cannot be used to encrypt images or file types. Filtering, sorting, and indexing are not supported for encrypted fields. Additionally, field encryption is not available for proxy object definitions.

Adding an Encryption Algorithm and Key

To use encryption algorithms and keys for objects, you must add these properties to your portal-ext.properties file:

object.encryption.algorithm=[value]

object.encryption.key=[value]

Supported algorithm values include AES, Blowfish, and DES. Encryption key values must use base64 encoding. For example:

object.encryption.algorithm=AES

object.encryption.key=D9z5Rwxkn+8SctNWW/q/OA==

Adding an Encrypted Field

  1. Open the Global Menu ( Global Menu ), go to the Control Panel tab, and click Objects.

  2. Begin editing the desired object definition.

  3. Go to the Fields tab and click Add ( Add Button ).

  4. Enter a Label and Field Name.

  5. Select the Encrypted field type.

  6. Determine whether the field is mandatory.

  7. Click Save.

    note

    You cannot save encrypted fields without an encryption algorithm and key.

You can use this field to store encrypted string values. If desired, you can configure the field limit the number of characters allowed.

Accessing Encrypted Data

Only users with the decryption key can read encrypted field values. If your Liferay instance has a valid encryption key, authorized users can view and export the field’s data via the Liferay UI or REST APIs. However, if an encryption key is lost or becomes invalid, users cannot access or export entries for any object definition with encrypted fields. When attempted, Liferay returns a 400 error and directs users to either insert a valid encryption key or remove the object’s encrypted fields to recover your entries.

important

Losing your key can result in data loss. Please manage your encryption key with care. You are responsible for ensuring your data and key are backed up and stored in a safe place.

Capabilities

Product

Contact Us

Connect

Powered by Liferay
© 2024 Liferay Inc. All Rights Reserved • Privacy Policy