Configure Edge Encryption on the instance Configure Edge Encryption by defining encryption keys, assigning fields and attachments to be encrypted, and specifying encryption patterns. To configure Edge Encryption, you must be connected to the instance through the proxy. Test all changes on a sub-production instance before making the changes to the production instance. Define encryption keys After setting up one or more proxies, you must configure the instance to use the encryption keys. This means entering the key alias (name), the key's size (128 or 256), and key type (file, Keystore, or Safenet) on the instance. After configuring the encryption keys, the instance verifies that the keys are available to all proxies. You cannot make an encryption key the default key unless all proxies have the key. Assign fields and attachments to be encrypted Assigning fields and attachments to be encrypted means assigning an encryption type to the field or attachment. Before marking a field as encrypted, evaluate these issues. Determine what system features might be impacted. Examine all scripts for use of the field. Make any desired adjustments to the field's size. After a field has been configured for encryption, the field size cannot be changed. Marking a field to be encrypted expands the field size to hold the extra space needed to store the encrypted data. The process of expanding the field size can take a long time depending on the number of records in the table. Specify encryption patterns The encryption patterns are string patterns to be replaced by tokens before being sent to and stored in the instance. You can define a string pattern or use one of the predefined patterns. Configure encryption keysEdge Encryption provides the tools to manage encryption keys without taking the proxy offline.Configure field encryptionSelect the fields to be encrypted and identify the encryption type.Configure attachment encryptionSelect the tables whose attachments are to be encrypted and identify the encryption type.Configure basic encryption patternsYou can build a pattern character by character. Configure advanced encryption patternsYou can build a pattern using a Java RegEx expression.Configure predefined encryption patternsEdge Encryption ships with a set of predefined encryption patterns. You can activate these patterns instead of creating your own patterns. Encryption key statesThe instance tracks the status of every encryption key available to any proxy.Deactivate an encryption configurationAfter configuring a field or a table's attachments to be encrypted, you can stop encryption by deactivating the encryption configuration. After deactivating encryption, you can run a Decryption job for fields or an Attachment Decryption job for attachments to remove the encrypted data from the instance.Change a field or attachment's encryption typeTo change a field or attachment's encryption type, you must deactivate the current encryption configuration, and then create an encryption configuration for the field or attachment. Create an encryption ruleEncryption rules are used by the proxy to find content in HTTP requests that should be encrypted.Encrypt data from a record producerRecord producers allow end users to create task-based records, such as incident records, from the Service Catalog and Service Portal. If a record producer attempts to insert data into a field marked for encryption, an invalid insert message displays and the data is not saved to the field. To configure your Edge Encryption proxy server to allow inserts from a record producer, create encryption rules from the record producer record.
Configure Edge Encryption on the instance Configure Edge Encryption by defining encryption keys, assigning fields and attachments to be encrypted, and specifying encryption patterns. To configure Edge Encryption, you must be connected to the instance through the proxy. Test all changes on a sub-production instance before making the changes to the production instance. Define encryption keys After setting up one or more proxies, you must configure the instance to use the encryption keys. This means entering the key alias (name), the key's size (128 or 256), and key type (file, Keystore, or Safenet) on the instance. After configuring the encryption keys, the instance verifies that the keys are available to all proxies. You cannot make an encryption key the default key unless all proxies have the key. Assign fields and attachments to be encrypted Assigning fields and attachments to be encrypted means assigning an encryption type to the field or attachment. Before marking a field as encrypted, evaluate these issues. Determine what system features might be impacted. Examine all scripts for use of the field. Make any desired adjustments to the field's size. After a field has been configured for encryption, the field size cannot be changed. Marking a field to be encrypted expands the field size to hold the extra space needed to store the encrypted data. The process of expanding the field size can take a long time depending on the number of records in the table. Specify encryption patterns The encryption patterns are string patterns to be replaced by tokens before being sent to and stored in the instance. You can define a string pattern or use one of the predefined patterns. Configure encryption keysEdge Encryption provides the tools to manage encryption keys without taking the proxy offline.Configure field encryptionSelect the fields to be encrypted and identify the encryption type.Configure attachment encryptionSelect the tables whose attachments are to be encrypted and identify the encryption type.Configure basic encryption patternsYou can build a pattern character by character. Configure advanced encryption patternsYou can build a pattern using a Java RegEx expression.Configure predefined encryption patternsEdge Encryption ships with a set of predefined encryption patterns. You can activate these patterns instead of creating your own patterns. Encryption key statesThe instance tracks the status of every encryption key available to any proxy.Deactivate an encryption configurationAfter configuring a field or a table's attachments to be encrypted, you can stop encryption by deactivating the encryption configuration. After deactivating encryption, you can run a Decryption job for fields or an Attachment Decryption job for attachments to remove the encrypted data from the instance.Change a field or attachment's encryption typeTo change a field or attachment's encryption type, you must deactivate the current encryption configuration, and then create an encryption configuration for the field or attachment. Create an encryption ruleEncryption rules are used by the proxy to find content in HTTP requests that should be encrypted.Encrypt data from a record producerRecord producers allow end users to create task-based records, such as incident records, from the Service Catalog and Service Portal. If a record producer attempts to insert data into a field marked for encryption, an invalid insert message displays and the data is not saved to the field. To configure your Edge Encryption proxy server to allow inserts from a record producer, create encryption rules from the record producer record.
