Encrypted Fields
Self-Hosted and Self-Managed Only
Liferay 7.4 U72+/GA72+
Liferay provides the encrypted field type for storing sensitive user data. To use encrypted fields, first add an encryption algorithm and key to your portal properties. Then add an encrypted field to your object definition. Once data is encrypted, only users with the decryption key can read it.
Encrypted fields store string values and cannot be used to encrypt images or file types. Filtering, sorting, and indexing are not supported for encrypted fields. Additionally, field encryption is not available for proxy object definitions.
Adding an Encryption Algorithm and Key
To use encryption algorithms and keys for objects, you must add these properties to your portal-ext.properties file:
object.encryption.algorithm=[value]
object.encryption.key=[value]
Supported algorithm values include AES, Blowfish, and DES. Encryption key values must use base64 encoding. For example:
object.encryption.algorithm=AES
object.encryption.key=D9z5Rwxkn+8SctNWW/q/OA==
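As an added example (not Liferay's own code), this Python check validates the two properties before they go into portal-ext.properties and generates a fresh key. The key sizes are the ciphers' standard ones; that Liferay accepts each of them is an assumption, and the function names are hypothetical.

```python
import base64
import binascii
import secrets

# Standard key sizes in bytes for each cipher; that Liferay accepts every
# size listed here is an assumption, not something the page states.
KEY_SIZES = {"AES": {16, 24, 32}, "DES": {8}, "Blowfish": set(range(4, 57))}
DOCS_SAMPLE_KEY = "D9z5Rwxkn+8SctNWW/q/OA=="  # published on this page


def parse_properties(text):
    """Return key/value pairs from simple key=value properties text."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            name, value = line.split("=", 1)
            props[name.strip()] = value.strip()
    return props


def check_object_encryption(text):
    """Return a list of problems with the object.encryption.* settings."""
    props = parse_properties(text)
    algorithm = props.get("object.encryption.algorithm")
    key = props.get("object.encryption.key")
    if not algorithm or not key:
        return ["algorithm and key must both be set"]
    if algorithm not in KEY_SIZES:
        return [f"unsupported algorithm: {algorithm}"]
    problems = []
    try:
        raw = base64.b64decode(key, validate=True)
    except (binascii.Error, ValueError):
        return ["key is not valid base64"]
    if len(raw) not in KEY_SIZES[algorithm]:
        problems.append(f"{len(raw)}-byte key does not fit {algorithm}")
    if key == DOCS_SAMPLE_KEY:
        problems.append("key is the published documentation sample")
    if algorithm == "DES":
        problems.append("DES has a 56-bit effective key; prefer AES")
    return problems


def new_aes_key(size=32):
    """Generate a random AES key, base64-encoded for portal-ext.properties."""
    return base64.b64encode(secrets.token_bytes(size)).decode("ascii")
```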
Adding an Encrypted Field
- Open the Global Menu, go to the Control Panel tab, and click Objects.
- Begin editing the desired object definition.
- Go to the Fields tab and click Add.
- Enter a Label and Field Name.
- Select the Encrypted field type.
- Determine whether the field is mandatory.
- Click Save.
Note: You cannot save encrypted fields without an encryption algorithm and key.
You can use this field to store encrypted string values. If desired, you can configure the field to limit the number of characters allowed.
Accessing Encrypted Data
Only users with the decryption key can read encrypted field values. If your Liferay instance has a valid encryption key, authorized users can view and export the field’s data via the Liferay UI or REST APIs. However, if an encryption key is lost or becomes invalid, users cannot access or export entries for any object definition with encrypted fields. When a user attempts this, Liferay returns a 400 error and directs them to either insert a valid encryption key or remove the object’s encrypted fields to recover the entries.
Losing your key can result in data loss. Please manage your encryption key with care. You are responsible for ensuring your data and key are backed up and stored in a safe place.