All Collections
Compliance and security
Encrypt form data at rest
Encrypt form data at rest

How to manage AES encryption for highly sensitive form data.

Peter Olsen avatar
Written by Peter Olsen
Updated over a week ago

If you store highly sensitive form data on Gluu, then you can encrypt this 'at rest' with the highly secure 256 bit CTR method. This means that only devices with your secret encryption key in the browser will be able to view form data. This way you can ensure that only hand picked users get access to specific data - and only from work devices. You can even create multiple encryption keys to use with different forms, so that different users can access different types of confidential information.

This article explains how to set it up and manage it.

Important: To ensure the maximum level of security Gluu doesn't manage your encryption keys themselves. This means that no Gluu staff can see your form data. We can also not retrieve or restore your keys. So the safe storage of keys is your own responsibility if you use this feature. If a key is lost then any data encrypted with this cannot be read.

Generate a new encryption key

  1. Be logged in as 'Account owner' (super-administrator)

  2. Go to 'Account settings' > 'AES Encryption.'

  3. Generate new key. This key is now stored in the local storage of your device's browser. This means that your current device can decrypt data.

Assign a key to a form to encrypt it

  1. Go to Gluu's 'Form builder.'

  2. Select the form that you want to encrypt.

  3. Select the key you want to use.

  4. Save your form. IMPORTANT! Once you save a form with a key, then this form's data can only be seen with the key and encryption cannot be turned off. 

  5. Publish your form to use it with tasks and activities.

Now your form is encrypted and data added to this will be encrypted both in draft mode and when submitted.

Add a key to another device:

  1. Go to 'Account settings' > 'AES Encryption.'

  2. Click 'Select keys to export', then check the ones you want to export

  3. Click 'Export' to save them in a .json file and save it on a memory stick.

  4. Plug the memory stick into the device you will allow to access the encrypted data.

  5. Open 'AES Encryption' and select 'import keys from file'.

  6. The key is now stored in the device's browser's local file storage.

This device can now also view the encrypted data.

Save your key for security purposes:

  1. Select the key to export (you can also do this later).

  2. Save the file with your key in a safe place - ideally offline so it's safe from hacker attacks.

Important: To ensure the maximum level of security Gluu doesn't manage your encryption keys themselves. This means that no Gluu staff can see your form data. We can also not retrieve or restore your keys. So the safe storage of keys is your own responsibility if you use this feature. If a key is lost then any data encrypted with this cannot be read.

Related Articles
Creating forms to distribute with tasks
Data security
Advanced filtering of activities, tasks, cases, components and forms
Using and filling in forms
Did this answer your question?