Encrypt/Decrypt data using OCI Vault in Oracle Integration
In this article, we will explain and demonstrate how to encrypt/decrypt the data using OCI Vault in Oracle Integration.
The most common requirement of any application is security especially when the application is on the cloud. Similarly, when you are doing integrations between multiple applications, no organization wants to compromise the data. So it becomes crucial to encrypt the data before we send it to other applications and the target application can decrypt the data to make it usable.
First, let’s understand what’s the OCI Vault Service.
OCI Vault Service
An OCI-managed service that lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources.
These are three basic building blocks that we should understand before we actually use the OCI Vault service as follows:
Vault
Logical entities where the Vault service creates and durably stores keys and secrets.
Keys
Logical entities that represent one or more key versions, each of which contains cryptographic material
Secret
Secrets are credentials such as passwords, certificates, SSH keys, or authentication tokens that you use with OCI services.
Let’s understand now, the data encryption requirement and why it is important.
Data encryption becomes very important for the integrations where we transfer some sensitive data (password, credit card numbers, PII information, etc) from one application to another. Since this type of information is critical, hence the data can’t be exposed in plain text while we transfer to other applications. So encryption plays a vital role in those cases.
Though there is no out-of-the-box feature in Oracle Integration that will help to encrypt the data, however, there are various other alternatives that can be used to encrypt the data:
- OCI Vault
- JavaScript
- OCI Function
In this article, we are focusing on how to use OCI Vault to encrypt/decrypt the data.
Pre-requisites to encrypt/decrypt the data using OCI Vault
- OCI Vault
- Master Key
- Tenancy OCID
- User OCI
- Private Key
Encryption of data
To encrypt the data in Oracle Integration using the OCI Vault service, we are going to leverage the OCI Vault REST API.
You can find the OCI Vault API details here to encrypt the data.
POST /20180608/encrypt
Sample request payload:
{
"keyId" : "ocid1.key.oc1.iad.example.examplestkvmbjdnbickxcvbotxd5q23tteidhj4q2c6qfauxm32i577yu5a",
"plaintext" : "aGVsbG8sIHdvcmxk"
}
Sample response payload
{
"ciphertext" : "AAwgpauIe9AAAM6dU7pS7AKwmDFyXOqNh0uAvNY9a3E95rw7Ae3LZNBnDtHWdkB1l/pIDBfg"
}
Now, to encrypt the data, I have captured an end-to-end video that will help you to understand how to encrypt the data in Oracle Integration:
You have to become a member of my YouTube channel to watch this video. Click here to become a member.
This is how you can encrypt the data in Oracle Integration.
Decryption of data
Same as encryption, we will use OCI Vault API to decrypt the data in Oracle Integration.
You can find the OCI Vault API details here to decrypt the data.
POST /20180608/decrypt
Sample request payload:
{
"ciphertext" : "AAwgpauIe9AAAM6dU7pS7AKwmDFyXOqNh0uAvNY9a3E95rw7Ae3LZNBnDtHWdkB1l/pIDBfg",
"keyId" : ""
}
Sample response payload
{
"plaintext" : ""
}
Now, to decrypt the data, I have captured an end-to-end video that will help you to understand how to decrypt the data in Oracle Integration:
This is how you can decrypt the data in Oracle Integration.
You can look at our YouTube channel for Oracle Integration-related videos. Also, don’t forget to subscribe to our channel.
Further Readings
How to create a BIP report in Oracle SaaS
How to create and test custom ESS job in Oracle SaaS
How to extract data from Oracle Fusion using REST APIs in OIC
ERP Integration using File Based Data Import: Oracle Integration