Also waiting for @Martin Fiser28 to chime in but I do believe the processor is the way to go here (as yes, the data would land in the docker container unencrypted, but only encrypted data would then go to SAPI to be saved while the container ceases to exist).
Hey Guys, I am looking to encrypt all values of a specific column on input into KBC. Extracting thru generic. The generic encryption functions seem to work only on outgoing data. The best option seems to be a processor with a hashing function. Anything like this available? Would such an approach ensure unhashed data don`t make it to KBC? (even into file storage). Any other ideas on how to do that?
Where am I?
In Keboola you can ask and answer questions and share your experience with others!
I remember @Martin Fiser26 and I discussing this before, and I believe our own conclusion of that is that there is no way to do this.
We assume that there is sensitive data in a column, that would get encrypted in transit before it hits Keboola. In this case, I don't think there is any way, since any manipulation done on the data would happen in some way on Keboola infra.
I think our only solution, but i'm fuzzy on details, is that it needs to be encrypted on your servers, and can be joined and identified via id, and then pass it through Keboola, and then you will need to decrypt once it's at your dwh or wherever you are sending the data.
curious to hear others' thoughts though
This would really be a job for a processor. Even though there is no such processor yet, we have have been discussing designing one in the past. Or possibly a nice job for anyone from the community?