Encryption rules

It may be necessary to write encryption rules when you want to encrypt data passed as part of GET/POST requests to processors or APIs on the instance. You can create rules for mapping elements of fields in requests to Glide table-field names.

Edge Encryption uses encryption rules executed on the proxy to map fields in an HTTP request to fields in a table. Each encryption rule is composed of a condition and an action. The condition identifies the type of request, and the action performs the mapping from fields in the request to fields in a table.

A set of encryption rules is installed as part of the Edge Encryption plugin. These rules handle the core platform use cases such as editing a field from the list edit form, updating a record from the record form, direct web services, and the REST API. Applications created using standard forms and lists should work without needing custom encryption rules.

You must write encryption rules for scripted processors, scripted web services, scripted REST APIs, UIs, or Ajax scripts you develop, if data in the requests needs to be encrypted.

You must have the security-admin role to be able to create a rule. The script is checked for compliance with JavaScript syntax before the rule is saved.

Except for attachment requests, each HTTP request is run through the encryption rule conditions until either all conditions return false or one condition returns true. When a condition returns true, the action part of that rule is run and the result is forwarded to the instance; no other conditions are evaluated. As a result, encryption rule conditions must be as specific as possible to avoid matching requests the rule was not written for. If a generic condition for a rule is unavoidable, the rule should be marked with a high order value so that more specific rules are evaluated first.
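The first-match behavior described above can be modeled outside the proxy to check whether a generic rule shadows a specific one. This is an added example, not ServiceNow code and not the Edge Encryption API; the rule names, paths, field mappings, order values and request shape are all constructed for illustration.

```javascript
// Added illustration: a model of first-match rule evaluation on the proxy.
// Rule names, paths, field mappings and the request shape are constructed;
// this does not use the Edge Encryption API.

// Evaluate rules in ascending order value; the first true condition wins
// and no later condition is checked.
function evaluateRules(rules, request) {
  const ordered = [...rules].sort((a, b) => a.order - b.order);
  for (const rule of ordered) {
    if (rule.condition(request)) {
      return { rule: rule.name, mapping: rule.action(request) };
    }
  }
  return { rule: null, mapping: {} }; // every condition returned false
}

// For each sample request, report cases where a rule other than the intended
// one matched first, i.e. the intended mapping never ran.
function findShadowed(rules, samples) {
  return samples
    .map((s) => ({ path: s.request.path, expected: s.expected,
                   actual: evaluateRules(rules, s.request).rule }))
    .filter((r) => r.actual !== r.expected);
}

function makeRules(genericOrder) {
  return [
    { name: 'generic_api', order: genericOrder,
      condition: (req) => req.path.startsWith('/api/'),
      action: () => ({ short_description: 'incident.short_description' }) },
    { name: 'patient_notes', order: 200,
      condition: (req) => req.method === 'POST' &&
        req.path === '/api/x_demo/patient_notes',
      action: () => ({ notes: 'x_demo_patient.notes' }) },
  ];
}

const samples = [
  { expected: 'patient_notes',
    request: { method: 'POST', path: '/api/x_demo/patient_notes' } },
  { expected: 'generic_api',
    request: { method: 'POST', path: '/api/x_demo/other' } },
];

// Generic rule ordered first: it takes the patient_notes request, so the
// notes mapping in the specific rule never runs.
console.log(findShadowed(makeRules(100), samples));
// Generic rule given a high order value: each request reaches its own rule.
console.log(findShadowed(makeRules(1000), samples));
```

Running a set of representative requests through a check like this before saving a generic rule shows which specific rules it would pre-empt.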

Encryption rules are written using a combination of JavaScript and the Edge Encryption API that allows you to easily iterate through post parameters, and JSON and XML content in the request body. The API uses expressions similar to XPath to navigate through both JSON and XML content.

The API uses stream parsing to parse JSON and XML data, so it is recommended that operations on the data in the action part of an encryption rule process the data in one pass. Trying to fetch and parse the content of the request body multiple times may lead to unexpected results.

When creating encryption rules, you cannot use Glide APIs, script includes, business rules, or any global parameters such as current. Since the rules are created for HTTP Post and HTTP Get objects, a global variable request is available.

When creating encryption rules, you cannot use APIs from the white list manager or scoped applications.