Securing data with Make

data security is important for operational integrity, confidentiality, and authentication you can use a variety of methods to secure your data in methods and use cases select a method for more detailed information, including sample use cases with step by step instructions aes (advanced encryption standard) docid\ kwne2u3w9orbkjlduee9o aes is a symmetric algorithm that uses the same key for both encryption and decryption pgp (pretty good privacy) docid\ qsaaf5s fmxae7x0xpfj4 pgp is a cryptographic tool that encrypts a message using both symmetric and asymmetric keys digital signature docid\ ypvxzpw6vlcls1es8azv7 a digital signature is used to verify the identity of the sender and that a message or document is authentic and unaltered hash functions docid 0ctbs0pgxp3pp8fxym5b hash functions take variable length inputs and produce fixed length outputs of text that can't be reversed or decoded methods of securing data overview docid\ nr5i2u8ca8druikqrj8jo learn how data security helps prevent data tampering and unauthorized access while minimizing data exposure data security examples in consider the following examples to determine the best data security methods to use for your encrypt and decrypt data with a secret key that is not hidden if you want to encrypt and decrypt data with a secret key that is not hidden (low data security) use aes encryption/decryption (simple) docid\ kwne2u3w9orbkjlduee9o example an internal service to let teams search for non confidential employee information without accessing the idp (identity provider) if a third party manages to determine the webhook url and api key, the secret key used for encryption and decryption protects the employee information however, the key is not hidden in the scenario module required resources a module to connect to the idp encryptor > aes encrypt (simple) https //apps make com/crypto#aes encrypt simple encryptor > aes decrypt (simple) https //apps make com/crypto#aes decrypt simple a secret key shared in advance with all the teams using the service encrypt and decrypt sensitive data with a hidden, secret key if you want to encrypt and decrypt sensitive data with a hidden, secret key (more data security) use aes encryption/decryption (advanced) docid\ kwne2u3w9orbkjlduee9o example an internal service to give a limited number of users access to confidential employee information (for example salary, home address, yearly reviews, etc ) if a third party manages to determine the webhook url and api key, the secret key protects the employee information additionally, the shared aes key is encrypted by make and is inaccessible required resources a module to connect to the idp encryptor > aes encrypt (advanced) https //apps make com/crypto#aes encrypt advanced encryptor > aes decrypt (advanced) https //apps make com/crypto#aes decrypt advanced an aes key (128 or 256 bits) shared in advance with relevant users encrypt and decrypt sensitive data with a pair of private and public keys if you want to encrypt and decrypt sensitive data with a pair of private and public keys (high data security) use pgp encryption/decryption docid\ qsaaf5s fmxae7x0xpfj4 example a service to share confidential business information with a b2b partner pgp provides a high level of security against man in the middle attacks the sender and recipient exchange public keys in advance the data is encrypted with the recipient's public key and signed with the sender's private key the data is decrypted with the recipient's private key and the signature is verified with the sender's public key required resources encryptor > encrypt a pgp message https //apps make com/crypto#encrypt a pgp message encryptor > decrypt a pgp message https //apps make com/crypto#decrypt a pgp message a set of public and private pgp keys for the sender a set of public and private pgp keys for the recipient verify the sender and authenticity of a document if you want to verify the sender and authenticity of a document use a digital signature docid\ ypvxzpw6vlcls1es8azv7 example a service to verify that the sender of a contract is legitimate and the contract has not been modified the sender creates a digital signature with a private rsa key and sends the contract to the recipient with the digital signature the recipient uses the sender's public rsa key to verify the identity of the sender and that the contract has not been tampered with required resources encryptor > create a digital signature https //apps make com/crypto#create digital signature a public and private rsa key for the sender the public key is shared with the recipient in advance secure and verify a password if you want to secure and verify a password use hash functions docid 0ctbs0pgxp3pp8fxym5b example a password system for a mission critical application that requires additional security the password is never stored instead, the sha 512 hash of the password is stored in a data store whenever a user logs in to access the system, the password they submit is hashed with sha 512 and the hash is compared to the stored hash required resources the sha 512 hash function https //help make com/text and binary functions#sha512 a data store https //help make com/l6du data stores create a secure audit log if you want to create a secure audit log use hash functions docid 0ctbs0pgxp3pp8fxym5b example a method to track users' actions in a system the method prevents users from accessing or modifying the audit logs when a record of the userid and additional details are stored in the data store, a hash is stored as well to access the record and verify that it has not been changed, your generated hash must match the stored hash the random salt is saved in a different location, so no one can calculate a new hash if they attempt to modify the record required resources a hash function with a random salt https //help make com/text and binary functions#sha256 a data store https //help make com/l6du data stores