This documentation site is for previous versions. Visit our new documentation site for current releases.
 

Encrypting individual properties

Updated on June 30, 2021

Pega Platform provides encryption of sensitive data while the data is at rest. You select the data that you want to encrypt, and Pega Platform encrypts the selected components. You can choose to encrypt individual properties or entire BLOB columns, based on performance considerations and data sensitivity. This article describes how to encrypt specific properties.

For information on encrypting the entire BLOB, see Encrypting the storage stream (BLOB).

Prior to Pega Platform 7.4, the TextEncrypted property type was used to encrypt properties. As a best practice, use a PropertyEncrypt access control policy as described below.

Defining rules that use your cipher by using PropertyEncrypt access control policies

To use the PropertyEncrypt access control policy in Pega Platform, which is available beginning with Pega 7.4, do the following:

  1. If you are using Pega 8.1 or earlier, enable attribute-based access control for an instance of Pega Platform. This is enabled by default starting in Pega 8.2. For more information, see Enabling attribute-based access control.
  2. Create a PropertyEncrypt access control policy and list the properties that you want to encrypt. For more information, see Creating an access control policy.

The property is encrypted in the database, clipboard, logs, and search indexes. If there is no PropertyRead policy that obfuscates the property, the decrypted property value is visible to the user in a UI control. The property is automatically encrypted when a value is assigned to the property and saved to the database.

In report definitions, the property is displayed in report results and can also be referenced on the left side of filter conditions that use the Is equal and Is not equal operators. You cannot use this property elsewhere in report definitions (for example, to sort, rank, or group results, in SQL functions, and so forth).
