How to protect sensitive data in SOA 12c using Encrypt Sensitive Data and Decrypt Sensitive data options

In our previous versions of SOA Suite , we don’t have any out of box functionality available to encrypt and decrypt input data .

So whoever has the access to EM and SOAINFRA they can see the data.

But in 12c we have an out of box functionality in place to encrypt and decrypt the sensitive data inside a composite.

In this we will see how to do the encryption and decryption in a composite.

In this sample I am using the below schema as the input to my bpel process.

encryp1

In this sample I am just calling another SOA service for testing my scenario.

My BPEL process looks like below.

encryp2

Encrypt sensitive field –>

In my schema salary is important field and I will use encryption on this field.

Right click on exposed service and go to “Protect Sensitive data” and click on “Encrypt Request Data”.

encryp3

It will open a PII configuration window, click on Edit button on top right corner.

encryp4

Now it will open a new window to select the field. Click on + button to select the xpath expression. Select the field and click on OK button.

encryp5

Now it will display the value in the encrypt window, Click on Next.

encryp6

It will add an csf_key automatically, Click on Finish .

encryp7

Now you are done with encrypting the input data for salary field, click on Ok .

Decrypt Sensitive Field –>

Now we have to decrypt the data at reference binding. To do that Right click on target service click on “Decrypt Sensitive Data”.

encryp9

It will open a PII configuration window, click on Edit button on top right corner.

encryp10

Now it will open a new window to select the field. Click on + button to select the xpath expression. Select the field and click on OK button.

encryp11

Now it will display the value in the encrypt window, Click on Next.

encryp12

Once you are done with adding encryption and decryption to your composite, we have to create a CSF_KEY “pii-csf-key” in your EM console.

Go to your weblogic domain in EM console and create a CSF-KEY by Right click on your domain and then go to security and credentials.

encryp13.jpg

Click on Create Key and provide the details like key name, username and password.

encryp14

Now save your composite and deploy it server.

Test your composite and see the results for both encryption and decryption.

You can see that in caller service , Receive input contains the encrypted data for salary field.

Open your callee service,Receive input variable contains the decrypted value of salary.

Advertisements

3 thoughts on “How to protect sensitive data in SOA 12c using Encrypt Sensitive Data and Decrypt Sensitive data options

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s