Security is essential to us and the integrity of your application or business depends on it. This is why we've taken specific measures and installed security best practices so that you can build on Xano confidently.
Secure Data Storage
All data stored within Xano is encrypted at rest. Data is considered at rest when it resides on a storage device and is not being actively transferred through networks. Encryption in this state performs a secure encoding on the data to protect the data. Since the data is encrypted on the physical storage device an attacker must first steal the hard drive and then decrypt the encryption making it particularly difficult to hack. This type of data storage is highly recommended by industry and government regulations.
Learn more about security best practices here.
Encrypt & Decrypt Functions
Security functions, including Encrypt and Decrypt, bring added security to your function stack and application.
Encrypt
Encrypt a payload as raw binary data.
Data - add the data or payload that you want to encrypt
Algorithm - choose between six algorithms (cbc or gcm)
Key - A key can be generated from one key generating function or you can insert raw text as your key. This same key will be needed to decrypt the data.
IV - This is either 16 or 12 characters depending on your algorithm (cbc requires 16 characters and gcm requires 12). This information should be kept hidden in an env variable. If you are sending encrypted data to someone, then they would need to know this.
Tip: For certain use cases when passing the encrypted value through a URL, it is recommended to use the base64_encode_urlsafe filter.
Decrypt
Decrypt a payload to its original form.
