Protecting sensitive data
This page describes how to write client-side encrypted data to Serialized.All network communication to and from Serialized is encrypted using HTTPS. All your data stored in Serialized are encrypted at rest on disk. Sometimes, however, you need to store extra sensitive data in Serialized. For example, you might want to store a customer's credit card information or similar. Serialized provides a way to encrypt data client-side before it is sent to Serialized. This way you can be sure that the data is not readable by anyone who does not have access to the encryption key.
Encrypting data
Client-side encrypted data is saved in encryptedData field in the Event. The encryptedData field is an opaque
String field that will be saved in the event but never processed by any Serialized functions. You can use any
symmetric encryption algorithm you want to encrypt the data since Serialized will not try to decrypt or process this
data in any way.
var event = newEvent(new OrderPlaced()).encryptedData("some-encrypted-data").build();Mixing encrypted and unencrypted data
It is a common pattern to store some data in plain text and some data encrypted. For example, you might want to store amount and order number in plain text and the credit card information encrypted. Serialized supports this pattern by allowing you to mix encrypted and unencrypted data in the same Event.
{ "eventType": "OrderPlaced", "eventId": "a2bcae3a-85f6-4a6c-a50f-936479cc17b4", "data": { "orderId": "b1b0ee7c-c758-4f7b-8185-2bf599435eb9", "orderAmount": 1000 }, "encryptedData": "UHJvdGVjdCB5b3VyIHNlY3JldHMgYmV0dGVyIHRoYW4gdGhpcw=="}Encrypting data client-side has a couple of important consequences:
- You can 'delete' event sourced data by deleting the encryption key, as the data then will become lost forever
- You might not be able to use all the features of Serialized like Projections and Reactions.