Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Edge Encryption limitations

Log in to subscribe to topics and get notified when content changes.

Edge Encryption limitations

Edge Encryption impacts system functions. Carefully evaluate the impact of encrypting a field.

Field type restrictions

Restrictions on encrypting field types.
  • The following field types can be encrypted:
    • String
    • Journal
    • Journal Input
    • URL
    Choice fields, virtual fields, and any fields other than string and journal fields cannot be encrypted. See Field types for more information.
  • Fields in system tables, except for certain fields in sys_user, cannot be encrypted.
  • System fields in tables cannot be encrypted.
  • Fields named "number" and fields associated with an auto-numbering scheme cannot be encrypted.
  • When a Journal field is encrypted, the Post button is disabled, even if there are multiple Journal fields and only one of those fields is encrypted.
  • Encrypted fields are not available in Go to and header filter boxes.
  • When encrypting fields used as an index, only order preserving and equality preserving encryption types can be used. Indexed fields cannot be encrypted using the standard encryption type.

Configuration restrictions

Restrictions and behavior of encryption configurations.
  • After a field has been added to the Edge Encryption Configuration table, the configuration record cannot be deleted. If you no longer want a field to be encrypted, deactivate the record in the Edge Encryption Configuration table and schedule an encryption job to decrypt the data.
  • If a field in a parent table is marked to be encrypted, the field in all inherited tables is also encrypted. For example, if the short description field in the Task table is encrypted, then the contents of the short description field in the Incident table are encrypted.
  • If a field inherited from a parent table is marked to be encrypted, the field in the parent table cannot be encrypted. For example, if short description in the Incident table is marked to be encrypted, then short description in the Task table cannot be encrypted. In the example, you can encrypt the short description in the Problem table.
  • When a field with an encryption configuration defined is exported to any format, the output includes encrypted values even when exported through the proxy server. Importing data to a field with an encryption configuration defined is not supported.

Instance restrictions

Impact of using Edge Encryption on the instance.
  • Back-end logic cannot process encrypted data. When the instance contains encrypted data, any business rule, back-end script, or back-end feature that relies on evaluating the data in the encrypted field does not run correctly.

    Note: Data encrypted with equality preserving encryption will still pass equivalence checks when compared against an identical encrypted value.
  • Scripts run on the server cannot change encrypted data.
  • Global search is not supported. Because global search attempts to search both encrypted and clear text data, the results may not be as expected.
  • Encrypted data cannot be copied and pasted into a record where the field is not encrypted.
  • Depending on the type of encryption selected, the user interface functionality for the encrypted fields is reduced. For example, being able to compare, group by, sort, and search may be impacted. Generally, the stronger the encryption selected, the more functionality is reduced.
  • Other than file store, Java KeyStore, and SafeNet, no third-party software or hardware encryption key management is supported.
  • While multiple proxy servers connected to a single instance are supported, encryption proxy cluster management and monitoring are not available. Each proxy must be managed separately.
  • System configurations such as workload and the number of encrypted fields can impact the performance of encrypted fields.
  • The Edge Encryption proxy server can only connect to a single instance.
  • If your instance uses an Oracle database and the string field you are marking to be encrypted is greater than 2925 characters, that field cannot be sorted even when order preserving encryption is selected.
  • If your instance uses an Oracle database, Unicode AL32UTF8 is the only supported character set.
  • Encrypted values included in emails are encrypted.
  • Encrypted data cannot be used in reports.