Use an encrypted field in a Notification

Garp Pahlow · ‎01-24-2018

I have a field on a form that is encrypted. In order to see it the user needs to set their Encryption Context with the picker. The customer needs to be able to have notifications sent to the email address that is stored in that field: in the "Who will receive" tab in the "Users/Groups in fields" field. Seems that the notifications run at a system level without the appropriate encryption context and thus ignores that field. Anyone know if it is possible to configure something to have the notification decrypt the field so it can be used as a recipient for the email?

ark6 · ‎01-24-2018

Hi Gary,

Without using the field in the "Who Will Receive" tab,can you try pulling that value in the email script and use the AddCC() function to add the email addresses in the CC of the email.

You could use the getDIsplayValue() to get the value of an encrypted field as mentioned in the docs.

Return a Decrypted Field Value

Garp Pahlow · ‎01-25-2018

Did not work. getDisplayValue() returns the enrypted value still. Need to be able to decrypt the field first. I tried setting the contextID in the email script, but that call fails. To further complicate things, this is a scoped app. I tried creating the notification and email script under both Global scope and the scoped application. Both fail. Looks like the email script does not have access to use the context. No way to assign it to the system as far as I can tell.

jarodm · ‎01-25-2018

Exactly right. Anything that uses impersonation (inbound email processing, async BRs, notifications) will not be able to get access to the encryption context.

Looks like you'll either have to temporarily store that data in an unencrypted (but still secure) field or have something different trigger the notification. (Alternative trigger would be an interactive action by a user with the context. The email address field could then be put into parm1/parm2 of an event)

Garp Pahlow · ‎01-25-2018

A regular before business rule is able to use the encrypted field. Need to be a user with the right encryption context, which an agent would have. The business rule does a getDisplayValue() on it to make it readable. I then pass it to an eventQueue call. The email Notification triggers on that event and can use it.