Encrypt item in Queue

orchestrator
queue
i_research

#1

Add sensitive data to the queue; however, it needs to be encrypted so that neither admin nor anyone else can have access to view this data.

Use Case -

  1. Requests come in 24/7 via email or portal.
  2. The requests are validated and processed and added to the queue (SSN IDs and other details).
  3. The systems/applications (Mainframe/web) are up from 09:00 to 17:00.
  4. Once the systems/applications are up, the queue items will be processed.

#2

Admin (Orchestrator) or DB Admin (SQL)?


#3

Admin (Orchestrator)


#4

The data will be encrypted in DB therefore a DB Admin won’t be able to steal it.

Two possible implementations:

1. On AddQueueItem, add a property SpecificDataEncrypted. SpecificData works exactly like now and won’t be encrypted. SpecificDataEncrypted won’t be visible in the Orchestrator UI and only a robot can have access to it.

Pros: Full Flexibility to decide what data is Encrypted
Cons: Pressure on the developer to decide which goes Encrypted and which not. He will need to work with two QueueItem properties.

2. In the Orchestrator you have the option to encrypt the queue. Encrypted Queue means the entire Specific Data gets encrypted and is not available in the UI.

Pros: Centralized governance - decide at the Orchestrator level (and not at the process design level) what queue goes encrypted
Cons: Less flexibility. Everything will be encrypted or everything will be visible. Sometimes you need some data for debug, verify.

Note. This feature is dependent on the ItemIdentifier implementation.

@andrzej.kniola @sajal.chakraborty @richarddenton @b_s Please advise
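
Option 1 from post #4, sketched as an added example that is not UiPath's implementation and not part of the original thread: the sensitive fields are sealed with AES-256-GCM under a key only the robot holds, so the stored item shows an Orchestrator or DB admin ciphertext only. The function names, the item layout, and binding the ciphertext to the item reference are assumptions; the SSN and other values are constructed samples.

```javascript
// Added illustration; not UiPath code. Names and item layout are assumptions.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Build a queue item: plain fields stay reportable, sensitive fields are sealed.
// `reference` is bound as AAD so a ciphertext cannot be moved onto another item.
function buildQueueItem(robotKey, reference, specificData, sensitiveData) {
  const iv = randomBytes(12); // fresh 96-bit nonce per item
  const cipher = createCipheriv('aes-256-gcm', robotKey, iv);
  cipher.setAAD(Buffer.from(reference, 'utf8'));
  const ct = Buffer.concat([
    cipher.update(JSON.stringify(sensitiveData), 'utf8'),
    cipher.final(),
  ]);
  return {
    Reference: reference,
    SpecificData: specificData,
    SpecificDataEncrypted: [iv, cipher.getAuthTag(), ct]
      .map((b) => b.toString('base64')).join('.'),
  };
}

// Robot side: verify the tag and recover the sensitive fields.
// Throws if the key is wrong or the item was altered.
function openQueueItem(robotKey, item) {
  const [iv, tag, ct] = item.SpecificDataEncrypted.split('.')
    .map((s) => Buffer.from(s, 'base64'));
  const decipher = createDecipheriv('aes-256-gcm', robotKey, iv);
  decipher.setAAD(Buffer.from(item.Reference, 'utf8'));
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// What an admin-facing view would render: everything except the sealed blob.
function adminView(item) {
  const { SpecificDataEncrypted, ...visible } = item;
  return visible;
}

// Constructed sample data.
const robotKey = randomBytes(32);
const item = buildQueueItem(robotKey, 'REQ-0001',
  { RequestType: 'AddressChange', Channel: 'portal' },
  { SSN: '000-00-0000' });
console.log(adminView(item));
console.log(openQueueItem(robotKey, item));
```

The non-sensitive fields remain available for reporting and debugging, which is the flexibility argued for in option 1; where the robot key is stored and how it is rotated is outside this sketch.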


#5

What about a separate column for data you want to encrypt and a property for these items.

Not saying this is a great idea just thinking out loud…


#6

Yes. That’s the first option when you’ll have EncryptedData and SpecificData at the same time.


#7

Cool. Then yes I think that’s the best option as you may want to report directly on some of the non-sensitive data and wouldn’t be able to if it was encrypted.

Rich


#8

Also for #1 - flexibility is needed and doing an all-or-nothing will lead to fewer projects using it, or having a need for external data storage for reportable things.


#9

Is SpecificDataEncrypted a property setting on the server side? Or does it talk about the individual item in ItemCollection as a SecureString?


#10

Hi Vikas

I have tried to add a secure string in the Queue collection and it throws a JSON error. Can you suggest how to encrypt specific items in the queue collection in AddQueueItem? Also help me out to understand how the Specific Data Encrypted is to be set.


#11

Can you elaborate on option 1? Our client requirement is to encrypt items in queue collections. In option 2, does it hide the entire queue in Orchestrator or only the item?


#12

What is the use case?

Have an encrypt feature in Orchestrator which only encrypts specific collection items in the queue.

How do you see a solution for the use case?

It has to be a configurable selection in Orchestrator made by the admin.