Encrypting in Column Level Encryption (CLE) using scripts

Dan Martinez
Tera Expert
‎04-15-2024 06:09 AM

Overview

In this other article I talked about encrypting columns (fields) with "Column Level Encryption". However, the article didn't cover one aspect I have been recently asked about. The question some people raise is "What happens if I want to encrypt the data via a script, rather than letting a user enter a value in a field?", especially when talking about Record Producers. This article will show how to deal with this situation and what condition we need to be aware of.

 

Limitation

Unfortunately, the "GlideCryptoModule" library that allows us to encrypt/decrypt data in CLE is only available in the "Column Level Encryption Enterprise" (CLEE) product, the paid version of CLE. If we try to use the script below we would get the following error:

 

errorCLE.png

 

Please, bear in mind the title is not a clickbait, I just want people looking for using scripts on CLE to find this article and understand they cannot unless they upgrade to the paid version.

 

How to do script it

Let's use the example used in the original article, where we had a field called "u_secret" in our Incident table, and had a cryptographic module called "global.standard". In case we would like to capture a value in a variable and then encrypt it into that field, we could use a script to do so. 

 

In our record producer we have a variable called "secret" that we will use in the script, and also the script shown below:

 

rp.png

 

In such case, all we have to do is using the script shown in the screenshot:

 

var gc = global.GlideCryptoModule.getModule('global.standard');
current.setValue("u_secret",gc.encryptData(producer.secret));

 

The script above will get the cryptographic module defined in the article mentioned in the overview and encrypt the content of our "secret" variable into the "u_secret" string field we used in that article.

 

In case we would like to decrypt data it would be as simple as doing the opposite. Here is an example of the script we would need to use if we wanted to decrypt later on the content of "u_secret" present in an Incident. Bear in mind this could be done in any script where "current" is Incident:

 

var gc = global.GlideCryptoModule.getModule('global.standard');
gc.decryptData(current.u_secret);

 

More info

More information can be found in this docs article which, unfortunately, is the only one I found about this topic on the internet.

 

Please, share the post if you found it interesting and click on "Like".

  • 2,324 Views
1 Comment
Popular Blog Posts