
Encrypted Fields

Self-Hosted and Self-Managed Only

Liferay 7.4 U72+/GA72+

Liferay provides the encrypted field type for storing sensitive user data. To use encrypted fields, first add an encryption algorithm and key to your portal properties. Then add an encrypted field to your object definition. Once data is encrypted, only users with the decryption key can read it.

important

Encrypted fields store string values and cannot be used to encrypt images or file types. Filtering, sorting, and indexing are not supported for encrypted fields. Additionally, field encryption is not available for proxy object definitions.

Adding an Encryption Algorithm and Key

To use encryption algorithms and keys for objects, you must add these properties to your portal-ext.properties file:

object.encryption.algorithm=[value]

object.encryption.key=[value]

Supported algorithm values include AES, Blowfish, and DES. Encryption key values must use base64 encoding. For example:

object.encryption.algorithm=AES

object.encryption.key=D9z5Rwxkn+8SctNWW/q/OA==
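The following is an added example, not part of Liferay's documentation or code: a Python helper that generates a random base64 key for object.encryption.key and checks the text of a portal-ext.properties file for a usable algorithm and key pair. The function names are hypothetical, the per-cipher key sizes are standard cipher facts rather than values stated on this page, and the check assumes the decoded key bytes are used directly as the cipher key.

```python
import base64
import binascii
import secrets

# Raw key sizes in bytes each cipher accepts (standard cipher facts, not from the page).
KEY_SIZES = {"AES": {16, 24, 32}, "Blowfish": set(range(4, 57)), "DES": {8}}
# Sample key printed in the documentation above; it is public, so flag any reuse.
DOC_SAMPLE_KEY = "D9z5Rwxkn+8SctNWW/q/OA=="

def generate_key(algorithm="AES", size=32):
    """Return a random key, base64-encoded for object.encryption.key."""
    if size not in KEY_SIZES.get(algorithm, ()):
        raise ValueError(f"{size} bytes is not a valid {algorithm} key size")
    return base64.b64encode(secrets.token_bytes(size)).decode("ascii")

def parse_properties(text):
    """Minimal key=value parser (no line continuations or ':' separators)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            name, _, value = line.partition("=")  # split on the first '=' only
            props[name.strip()] = value.strip()
    return props

def check_encryption_properties(text):
    """Return a list of problems with the object.encryption.* settings."""
    props = parse_properties(text)
    algorithm = props.get("object.encryption.algorithm")
    key = props.get("object.encryption.key")
    problems = []
    if algorithm not in KEY_SIZES:
        problems.append(f"unsupported or missing algorithm: {algorithm!r}")
    if not key:
        return problems + ["object.encryption.key is missing"]
    if key == DOC_SAMPLE_KEY:
        problems.append("key is the published documentation sample")
    try:
        raw = base64.b64decode(key, validate=True)
    except (binascii.Error, ValueError):
        return problems + ["object.encryption.key is not valid base64"]
    if algorithm in KEY_SIZES and len(raw) not in KEY_SIZES[algorithm]:
        problems.append(f"{len(raw)}-byte key is not a valid {algorithm} key size")
    return problems

if __name__ == "__main__":
    print(f"object.encryption.algorithm=AES\nobject.encryption.key={generate_key()}")
```

An empty list from check_encryption_properties means the pair is well formed; it does not confirm that the key matches the one used to encrypt existing entries.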

Adding an Encrypted Field

  1. Open the Global Menu, go to the Control Panel tab, and click Objects.

  2. Begin editing the desired object definition.

  3. Go to the Fields tab and click Add.

  4. Enter a Label and Field Name.

  5. Select the Encrypted field type.

  6. Determine whether the field is mandatory.

  7. Click Save.

    note

    You cannot save encrypted fields without an encryption algorithm and key.

You can use this field to store encrypted string values. If desired, you can configure the field to limit the number of characters allowed.

Accessing Encrypted Data

Only users with the decryption key can read encrypted field values. If your Liferay instance has a valid encryption key, authorized users can view and export the field’s data via the Liferay UI or REST APIs. However, if an encryption key is lost or becomes invalid, users cannot access or export entries for any object definition with encrypted fields. If they try, Liferay returns a 400 error and directs them to either insert a valid encryption key or remove the object’s encrypted fields to recover the entries.

important

Losing your key can result in data loss. Please manage your encryption key with care. You are responsible for ensuring your data and key are backed up and stored in a safe place.
