Encrypted documents

We have a need for files that are uploaded by the user to be encrypted "at rest" to prevent system administrators from accessing those documents.  Does anyone have experience with this?   We are interested in any options, disk encryption, plugins, calls to command line tools.   In particular we're interested in a) how, and b) how were the keys stored.

Thanks

  Discussion posts and replies are publicly visible

Parents
  • +1
    Certified Lead Developer
    Hi @Richard Nolan I agreed with and I wouldn't recommend you to neither use Bade64 conversion nor storing the documents into db.

    Reasons:
    1. When you convert a document into Base64, it's generated file size will be much bigger than its actual one. Also this entire conversion output will be stored in memory which causes lot of performance issues.

    2. When you are trying to store the document into db, then the conversion procedure takes huge amount of time, and being an end user I would like to receive the documents with no delay unless size is pretty huge, or it needs to get transferred through some third party systems j to Appian KC. Also when you store the documents into db, this increases the db volume and you may come across through lot many performance issue with respect to DB also while dumping this data from one environment to another will be a challenging one.
Reply
  • +1
    Certified Lead Developer
    Hi @Richard Nolan I agreed with and I wouldn't recommend you to neither use Bade64 conversion nor storing the documents into db.

    Reasons:
    1. When you convert a document into Base64, it's generated file size will be much bigger than its actual one. Also this entire conversion output will be stored in memory which causes lot of performance issues.

    2. When you are trying to store the document into db, then the conversion procedure takes huge amount of time, and being an end user I would like to receive the documents with no delay unless size is pretty huge, or it needs to get transferred through some third party systems j to Appian KC. Also when you store the documents into db, this increases the db volume and you may come across through lot many performance issue with respect to DB also while dumping this data from one environment to another will be a challenging one.
Children
  • Hi Alok,

    We unfortunately have to use the base64 document to database function (for at least the next 1/2 year) for a variety of reasons. Thankfully these are small files and need to be archived rather than receive constant use.

    Thanks for your input, I've relayed all of the concerns mentioned to our project team, but they are adamant.
  • Hi Richard,

    Did you consider the approach of removing System Admins from the Designer role in Production to prevent them from accessing documents from the Design interface? By doing this, you may also have to setup a basic user with Designer access for Import of applications and Monitoring of process issues, if any. But, this approach would mean that System Admins wouldn't have access to Design interface, and hence wouldn't have access to documents.