Encrypting text

There are times when we shouldn't store plain text values in the database. This might apply to sensitive data like bank account and routing number. In those cases, here's what you can do:

  1. Install the "Encrypt & Decrypt Text Plugin" by AirDev

  2. Enter a secret key (this should be a 256 bit random text) the Plugins tab

    1. Note that previously we didn't recommend that this was a 256 bit random text. However, if the secret key is not truly random, then the security of encryption decreases dramatically. This type of text can be generated by an action from the plugin, which uses node.js' "crypto" library to generate a secure secret key text. (See screenshot below where this workflow is shown.)

  3. Whenever a sensitive value is entered, encrypt it using an action and store it in the database

  4. Whenever a sensitive value needs to be displayed or used, decrypt it using an action and show it

Hashing instead of encrypting

When working with things like passwords, which need to be saved for authentication purposes but whose actual contents never need to be decoded, they should be hashed instead of encrypted. When a text is hashed properly, it is very difficult to get the initial text.

For a secure approach to hashing text, use this plugin's "hash with salt" workflow.

  1. Enter the text to be hashed to the "input string" field.

  2. Leave the rest of the fields as-is (unless you have good reason for changing them).

  3. Save the results of the hashing operation on some object.

  4. To later validate a value against a hashed text, be sure to use the same salt that was used the first time.

Hashing multiple texts with the same salt can allow for a Rainbow Table Attack, a method of retreiving the un-hashed version of hashed data.