Data encryption is the process of encoding data in order to protect the confidentiality, integrity, and authenticity of information during transmission. Aperture Data Studio is designed with integrated security features, and one of these is data encryption - the capability of encrypting exported data and decrypting imported data.
Public key encryption is an industry-standard cryptographic system. In public key encryption, a public key is used for encrypting data, whereas a corresponding private key is used for decrypting data.
The supported encrypted file types are:
Aperture Data Studio also supports encryption key management. Encryption keys can be assigned to specific users or roles through role-based access control (RBAC). Users with this capability are able to save, export, and import encryption keys securely.
Aperture Data Studio supports public key encryption for Pretty Good Privacy (PGP) encrypted files.
PGP is a key-based encryption method which utilises two cryptographic keys: a public key to encrypt a file and a corresponding private key to decrypt it.
When generating a PGP key pair, a passphrase has to be specified. The private key requires this passphrase; only an authorized user who knows the passphrase can use the private key. This provides two layers of protection against unauthorized access to the contents of the encrypted file.
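The two layers described above, shown with GnuPG as an added example; it is not part of the Aperture Data Studio documentation and does not show how keys are created in the product. It assumes GnuPG 2.1 or later, and the user ID, passphrases and sample record are constructed.

```shell
#!/usr/bin/env bash
# Added example. Assumes GnuPG 2.1+; all names and values are constructed.
# Run with --demo to execute the full sequence.
set -u

PASS='constructed-demo-passphrase'
KEY_UID='Export Demo <export-demo@example.invalid>'

setup_keyring() {
  # Throwaway keyring so the demo never touches ~/.gnupg.
  GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; chmod 700 "$GNUPGHOME"
  # The private key is stored encrypted under the passphrase.
  # --passphrase on the command line is for this throwaway key only;
  # for real keys use a pinentry prompt or --passphrase-fd.
  gpg --batch --quiet --pinentry-mode loopback --passphrase "$PASS" \
      --quick-generate-key "$KEY_UID" default default 1d
}

encrypt_sample() {
  # Encryption needs only the public key, never the passphrase.
  printf 'id,name\n1,constructed record\n' > "$GNUPGHOME/sample.csv"
  gpg --batch --quiet --yes --recipient "$KEY_UID" \
      --output "$GNUPGHOME/sample.csv.pgp" --encrypt "$GNUPGHOME/sample.csv"
}

decrypt_with() {
  # $1 = passphrase to try. Stop the agent first so that a cached
  # passphrase cannot unlock the private key on our behalf.
  gpgconf --kill gpg-agent || true
  gpg --batch --quiet --pinentry-mode loopback --passphrase "$1" \
      --decrypt "$GNUPGHOME/sample.csv.pgp" 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then
  setup_keyring && encrypt_sample
  # Holding the private key file is not enough without the passphrase.
  if decrypt_with 'wrong-passphrase' >/dev/null; then
    echo "unexpected: decrypted with wrong passphrase"
  else
    echo "wrong passphrase: decryption refused"
  fi
  # Private key plus correct passphrase recovers the plaintext.
  decrypt_with "$PASS"
  gpgconf --kill gpg-agent || true
  rm -rf "$GNUPGHOME"
fi
```
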
To manage data encryption operations, ensure that:
To create a key:
To edit a key:
When importing or exporting any encrypted files, a valid encryption key is required to ensure that the operation is permitted for the user.
Data encryption keys can be pinned to a particular usage in Datasets or Workflows, so that the same encryption key is used consistently.
When adding a Dataset from an encrypted file, you will need to select an existing encryption key or enter a new encryption key to be associated with the Dataset. The data encryption keys available for selection are only those that your user has permission to use.
Once set, this data encryption key will be used whenever the Dataset is refreshed by any user, even by users with no direct permission to access the data encryption key.
Data encryption keys are available in different Spaces within the same Environment.
To upload a locally stored encrypted file:
When exporting records using the Export step in the workflow designer, you will need to specify the data encryption key to be used to encrypt the output file. You can also specify the desired encryption type for the exported file.
Another user with access to the Space can modify the data encryption key used in the workflow's Export step. Once the data encryption key has been set, it will be used whenever the workflow is executed (including scheduled execution), even by those with no direct permissions to access the data encryption key.
You can also export encrypted files to an external system in the same manner. Find out how to export data to an external system.