Nintex Ideas

đź‘‹ Use this site to provide feedback and ideas for all Nintex Products. See our post on Nintex Community "Welcome to Nintex Ideas" for more details on Nintex Ideas, how an idea is handled by our product teams and more!


If you have questions about Nintex Ideas, please contact ideas@nintex.com

If you require support, please visit Nintex Customer Central

If you have a sales inquiry, please contact sales@nintex.com

Add a new idea Subscribe
Status Open for voting
Workspace Nintex RPA (formerly Nintex Kryon RPA)
Categories Advanced Commands
Created by Sascha Steinberg
Created on Nov 9, 2022

RELATED IDEAS

Advanced command to encrypt/decrypt data

We really need an advanced command that supports openssl encryption.

Just one that handles strings to be encrypted/decrypted using a self defined key/key from vault.

The only way one can handle this today is using scripts (which then expose your key) or a self made plugin - which is (in the current version) very slow.

Thank you!

  • Attach files
  • James Nicolson
    Reply
    |     Jan 28, 2025

    There's are a couple of ways you could approach this that might meet your needs.

    1. Generate a Secure Key:

      • Use OpenSSL to generate a random 256-bit key (for AES-256). This method is simple, avoids complex code, and ensures a strong cryptographic key.

    2. Run the Script:

      • Leverage inbuilt Python’s libraries (e.g., cryptography) for encryption/decryption without needing additional plugins or dependencies.

      • Ensure the script dynamically retrieves the key instead of hardcoding it, enhancing security.

    3. Key Storage Options:

      • Environment Variables: Store the key securely in the environment and access it programmatically during runtime.

      • Secret Management Tools: Use tools like Azure Key Vault, AWS Secrets Manager, or HashiCorp Vault to securely store and manage keys.

        • For an example with Azure Key Vault, access the secret via Managed Identity (if hosted in Azure) or explicit credentials stored in environment variables.

    4. Special Case (Images/Files):

      • If encrypting non-text data like images or files, include a step to base64 encode before encryption and base64 decode after decryption to ensure data is handled properly in text-based workflows.

    Another consideration would be to build as Custom Dynamic Advanced Command - effectively black boxing the script functionality.