Encrypted fields in Liferay Objects.

What is encrypted fields?

Liferay provides the encrypted field type for storing sensitive user data.

Encrypted fields in Liferay objects refer to the practice of encrypting specific data fields within objects created and managed using the Liferay platform. This approach enhances data security and privacy, especially when dealing with sensitive or personally identifiable information (PII). Here are some key points about encrypted fields in Liferay objects:

Encrypted fields in Liferay objects are a critical component of data security and privacy, allowing organizations to protect sensitive information within their Liferay-based applications and comply with data protection regulations.

How to use

To use encrypted fields, first add an encryption algorithm and key to your portal properties. Then add an encrypted field to your object definition. Once data is encrypted, only users with the decryption key can read it.

Required Liferay Version : 7.4 U72+ / GA72+        

Adding an Encryption Algorithm and Key

To use encryption algorithms and keys for objects, you must add below properties to your portal-ext.properties file:

object.encryption.algorithm = [value]

object.encryption.key = [value]        

Supported algorithm values include AES, Blowfish, and DES. Encryption key values must use base64 encoding. For example:

object.encryption.algorithm = AES

object.encryption.key = D9z5Rwxkn+8SctNWW/q/OA==        

Adding an Encrypted Field

1. Open the Global Menu, go to the Control Panel tab, and click Objects.
2. Begin editing the desired object definition.
3. Go to the Fields tab and click Add (+).
4. Enter a Label and Field Name.
5. Select the Encrypted field type.
6. Determine whether the field is mandatory.
7. Click Save.

Accessing Encrypted Data

Only users with the decryption key can read encrypted field values. If your Liferay instance has a valid encryption key, authorized users can view and export the field’s data via the Liferay UI or REST APIs.

If an encryption key is lost or becomes invalid, users cannot access or export entries for any object definition with encrypted fields. When attempted, Liferay returns a 400 error and directs users to either insert a valid encryption key or remove the object’s encrypted fields to recover your entries.

Losing your key can result in data loss. Please manage your encryption key with care.

IMPORTANT NOTE

Encrypted fields store string values and cannot be used to encrypt images or file types. Filtering, sorting, and indexing are not supported for encrypted fields. Additionally, field encryption is not available for proxy object definitions.