Encrypt/decrypt text strings

I want to encrypt text strings that my users can input via a form - I’m using Paperform to collect inputs that can include things like driver’s licence or passport numbers.

I want to encrypt these kinds of sensitive data, then write the encrypted string to my database. The idea is to avoid saving the sensitive data in plaintext in the DB.

Has anyone had experience with the Encryptor module in Make? Is there a best-practice playbook for this kind of set-up?

Hi @Foxy,

Some encryption is better than none, but encryption in storage only considers one part of data security.

You’ll also want to use the AES Encrypt (Advanced) module so that your private key doesn’t get stored in plaintext.

An AES 256-bit key can be expressed as a 64-character hexadecimal string (containing A-F 0-9).


As for picking between CBC vs GCM, here’s a Crypto.SE Q&A that answers the question: encryption - What is the difference between CBC and GCM mode? - Cryptography Stack Exchange

If you choose CBC, you’ll need to also store the Initialization Vector, and if you choose GCM, you’ll need to also store the Authentication Tag, alongside the encrypted data.

2 Likes

Thank you Sam, this is much appreciated!

A related question you might also be able to help with - we want to store this data as encrypted text strings, but we occasionally need to present the data to human team members for them to use in certain processes.

What would be a good way to present decrypted data via a console app or dashboard, along with other data that does not need to be encrypted at all…

I’m imagining I’d need a separate Make scenario to listen for a webhook or other trigger, then retrieve the encrypted data, decrypt it, and present it in some kind of console /dashboard app.

The dashboard will require secure login, e.g. 2FA, and should host a button to trigger the retrieval process.

Not sure what that dashboard app should be built with. Are there any nice Make-friendly no-code candidates for this kind of thing?

Hey @Foxy ,

We’ve built a similar system for one of our clients where we needed to provide content using a unique and encrypted URL. What you can do is indeed as you say:

  • Use a webhook as trigger and provide it with the required parameters to retrieve data from the storage
  • Retrieve the data
  • Return the data either encrypted/decrypted using the module again using a “webhook response” module

We usually use either Bubble or Retool to build systems that work with our integrations. Personally I really like Retool to build dashboards and management panels.

Hope this helps! Let me know how it goes 👌

3 Likes