Managing Encrypted Data

The sections in this topic extend the information described in the framework documentation's Managing Encrypted Data topic.

Initially Encrypting Data

The current supported configuration for encryption is using the key ring. For implementations using this configuration, performing initial encryption on all the fields defined in the encryption feature configuration, the information on how to encrypt this data for the first time is described in the framework documentation topic Initially Encrypting Data

In addition, if you have encrypted data defined in a Column Reference on the Order table, you will also need to run this background process:

C1-ECRVL: Encrypt Legacy Column Reference Values

For backwards compatibility, the product continues to support the legacy method of encryption using keystore. This is not recommended as it doesn't support key rotation. Legacy batch controls supplied to support this method of encrypting will no longer supported in an upcoming release.

Moving from Keystore to Key Ring

The framework documentation topic Moving from Keystore to Key Ring describes the basic steps to take to start using key ring to define your encryption keys rather that a keystore. For Customer Care and Billing implementations, the following additional steps are needed.

Previously, it was documented that you did not need entries in feature configuration for encrypting the External Account ID field on the Auto Pay Clearing Staging table (CI_APAY_CLR_STG) or the Payment Event Upload Staging table (CI_PEVT_DTL_ST). Moving forward, configuration is needed for these tables as described in External Account ID and Credit Card Number Encryption.
Previously, it was documented that you did not need entries in feature configuration for encrypting the Person ID Number on the Order Person ID table (CI_ENRL_PER_ID) table. Moving forward, configuration is needed for these tables as described in Person ID Number Encryption.