Archer allows you to encrypt the following field types in an application: Attachment, Date, IP Address, Image, Numeric, and Text.
The purpose of encryption is to protect sensitive data in the database and the file repository. Encrypted field data is stored in the Encrypted folder in the file repository. When you encrypt a field, all data in that field, whether in the record or through a data feed or import, is encrypted in the database. Encrypted fields display data in the record as normal text. Files and images associated with encrypted attachment and image fields are decrypted when downloaded. You can encrypt new and existing fields.
On this page
Impact of Encrypted Fields in Archer
|
Related Area |
Impact |
|---|---|
|
Calculations |
You cannot reference encrypted fields in a calculated field. You can calculate encrypted fields. |
|
Data feeds/imports |
If the incoming data targets an encrypted field, the data will be stored in the database in an encrypted format. Archer to Archer data feeds support encrypted attachments and images. When encrypted files are exported from an instance, they are unencrypted. If the target instance has encryption enabled, the files are encrypted. If the target instance does not have encryption enabled, the files are not encrypted. |
|
History log |
History logs are kept for encrypted fields. |
|
Search (global search) |
Encrypted fields are not supported. |
|
Advanced search filters |
Encrypted fields support only Equals and Does Not Equal filters. Encrypted fields cannot perform statistical search operations, for example Group By and Count. |
|
Layout rule filters |
Encrypted fields are supported for all standard field filter options in a layout rule. |
|
Record Lookup Configuration |
Only the filter options Equals, Does Not Equal, Field Value Match, and Field Value Does Not Match are available for encrypted fields. |
|
Offline sync |
You cannot sync an application with encrypted fields offline. |
|
Subscription Notification filters |
Only the filter options Equals, Does Not Equal, Field Value Match, and Field Value Does Not Match are available for encrypted fields. |
Enable field encryption at the instance level
You must enable field encryption at the instance level in the Archer Control Panel. For more information, see "Enable Field Encryption for an Instance" in the Archer Control Panel Help.
Encrypt a field
When adding or editing field options, select Encrypt Field Data to encrypt the field.
Note: You can disable encryption for an existing encrypted field by clearing the checkbox.
Complete the following tasks:
- Adding Date Fields
- Adding IP Address Fields
- Adding Numeric Fields
- Adding Text Fields
- Adding Attachment Fields
- Adding Image Fields
Note: Encrypted attachments and images are located in the Encrypted folder in the file repository.
Troubleshooting field encryption
|
Issue |
Cause |
Resolution |
|---|---|---|
|
Encrypted fields do not display the data. |
The Key Encryption Key (KEK) for 1 or more of your instances is missing.
|
Verify whether the KEK is present on each of your Web Servers and Services Servers and add the KEK wherever it is missing. For instructions, see "Enable Field Encryption for an Instance" in the Archer Control Panel Help. |
|
When a user logs in, the following message appears: Configuration error, some of the data may be blank. Please contact your administrator. |
||
|
When the system administrator logs in, the following message appears: The encryption key is missing. Please provide a new key in the system. Dismiss? |
||
|
The following message appears in the error logs: Either Key Encryption Key is missing or inaccessible. |
||
|
When editing an encrypted field, you receive an unexpected error. |
||
|
When the Configuration Service is starting, the following message appears: Key Encryption Key for the following instances were either missing or could not be accessed: Instance1, Instance2. |
