Automatically encrypt properties

For most sensitive properties in Itential Platform, you no longer need to manually create secrets in Vault. When Vault is configured, these properties are automatically encrypted.

For example, to create a Vault secret for a MongoDB password, simply create or update the profile through the API or UI with the password in plaintext. The password is stored in Vault, not in the database.

Using $ENC or $SECRET syntax for these properties is strongly discouraged. Itential Platform will not perform “double encryption” on these properties.

Adapters

Adapter properties that are automatically encrypted appear as starred values (●●●●●) in the form view.

View encrypted properties

When viewing an adapter with encrypted properties:

New or empty encrypted fields show standard stars (●●●●●)
Existing encrypted fields show differently-styled stars to indicate the field contains a value
You cannot see the actual value while typing in form view

Advanced view behavior

In advanced view:

You can see values while typing them
Existing encrypted values appear as empty strings
A tooltip indicates the property is encrypted

Integrations

Integration properties are automatically encrypted based on the authentication type used.

View encrypted properties

Encrypted integration properties behave the same as adapter properties:

Starred values in form view
Different star styles for new versus existing values
Cannot see values while typing in form view

Advanced view behavior

In advanced view:

You can see values while typing them
Existing values always display as empty strings
Tooltips indicate encrypted properties

Applications

Custom applications can have properties configured in propertiesDecorators.json to always be encrypted. These appear the same way as adapters and integrations in the Admin Essentials UI.

Profiles

Profile properties that need automatic encryption (such as redisProps password) display as starred values to indicate encryption.

Existing or edited properties show differently-styled stars as a visual indicator. This subtle difference distinguishes between pre-configured secrets and fields that haven’t been configured yet. You cannot see the value while typing in this view.

Next steps

Manual encryption

Create secrets

For most sensitive properties in Itential Platform, you no longer need to manually create secrets in Vault. When Vault is configured, these properties are automatically encrypted.

Using $ENC or $SECRET syntax for these properties is strongly discouraged. Itential Platform will not perform “double encryption” on these properties.

Adapters

Adapter properties that are automatically encrypted appear as starred values (●●●●●) in the form view.

View encrypted properties

When viewing an adapter with encrypted properties:

New or empty encrypted fields show standard stars (●●●●●)
Existing encrypted fields show differently-styled stars to indicate the field contains a value
You cannot see the actual value while typing in form view

Advanced view behavior

In advanced view:

You can see values while typing them
Existing encrypted values appear as empty strings
A tooltip indicates the property is encrypted

Integrations

Integration properties are automatically encrypted based on the authentication type used.

View encrypted properties

Encrypted integration properties behave the same as adapter properties:

Starred values in form view
Different star styles for new versus existing values
Cannot see values while typing in form view

Advanced view behavior

In advanced view:

You can see values while typing them
Existing values always display as empty strings
Tooltips indicate encrypted properties

Applications

Custom applications can have properties configured in propertiesDecorators.json to always be encrypted. These appear the same way as adapters and integrations in the Admin Essentials UI.

Profiles

Profile properties that need automatic encryption (such as redisProps password) display as starred values to indicate encryption.

Next steps

Manual encryption

Create secrets