Encryption

Intro

Flowcode clients input potentially confidential data into the app. If this data was leaked the clients businesses could be affected. For this reason all potentially confidential data in Flowcode is stored using encryption.

Encrypted data

The data that is encrypted for an organisation includes:

Element field values: The data entered into Element fields
Objectives
- Titles
- Descriptions
Projects
- Titles
- Descriptions
Targets
- Titles
Tasks
- Titles

Sensitive Model data

Although the databases will be secure, it's not best practice to store sensitive data directly to a database. Certain columns are considered sensitive on these models and encrypted when stored and decrypted when accessed. This is done using the Laravel Crpyt Facade use Illuminate\Support\Facades\Crypt; in the model, and the set / get Attribute methods.

Example: FieldProgress.php

    protected $encrypt = ['value'];

    public function setAttribute($key, $value)
    {
        if (in_array($key, $this->encrypt) && $value)
        {
            $value = Crypt::encryptString($value);
        }

        return parent::setAttribute($key, $value);
    }

    public function getAttribute($key)
    {
        if (in_array($key, $this->encrypt) && $this->attributes[$key])
        {
            return Crypt::decryptString($this->attributes[$key]);
        }

        return parent::getAttribute($key);
    }

    public function attributesToArray()
    {
        $attributes = parent::attributesToArray();

        foreach ($attributes as $key => $value)
        {
            if (in_array($key, $this->encrypt) && $value)
            {
                $attributes[$key] = Crypt::decryptString($value);
            }
        }

        return $attributes;
    }

The above methods encrypt and decrypt any columns that are in the $encrypt array.

Encryption migration

To convert existing data to encrypted data, the following migration was used: 2023_08_20_192818_encrypt_sensitive_element_optt_data