Encrypt database

Bump. Anyone can help me?

Should I encrypt all of the data in my database?

Hello? Anyone? How is this not a thing

I will literally pay for this at this point, this is ridiculous, how does anyone store sensitive data on bubble?

Hi @xtechaus,

You have to add a decode element to the page and define the field you want to decrypt using AES, same as encrypt and the same secret word to decrypt. I recommend you keep the secret word outside Bubble, connecting via API.

I recommend you look at the forums in Zeroqode regarding this plugin and Bubble forums to understand more about using the API connector to have your secret word specific for each user somewhere outside Bubble, but for demo purposes you can use any secret word/string. They must be the same secret word for both encrypting and decrypting.

Just to also add that you must encrypt the value in the workflow before saving value in database and decrypt the value in workflow when viewing the value from the database.

Good luck

ahh, so the zeroqode plugin actually has an element for decrypting? This is possible to do in a repeating group too? Just confirming before I buy, because all the plugins I have bought never explain this part and can’t seem to decrypt into a repeating group.

can anyone from zeroqode answer?

@xtechaus Yes and yes to both questions. This is the Bubble forum. You can go to the Zero forum if you need more info.

You're welcome

Bump! After extensive testing and back and forth with Zero’s support, their plugin in fact IS NOT able to decode data that is encoded in a database.

STILL LOOKING, I WILL LITERALLY PAY LIKE $100 FOR THIS I AM GETTING SO FRUSTRATED.
How do big companies on bubble let their users know they can see all their data?

Hi @xtechaus,

Sorry to chime in, but your claim is just NOT true. The Zero plugin does allow you to encrypt and decrypt data from your database. I’ve been using it in my app for nearly two years.

If you don’t know how to set this plugin up, that’s OK, but giving false statements about the app is not fair.

I suggest you start with the basics or find someone in Bubble to help you out. It isn’t very difficult to use or set up, so you shouldn’t have a problem. I also recommend you look at the example Zeroqode have available in their forum so that you can look at how it was set up.

Regards

it’s not a false statement, bubble.io literally cannot decode something in a workflow that is in a repeating group. Yes you can get data from a repeating group and decode it in a text box in a normal group (maybe), but you CANNOT decode inside a repeating group and output the decoded info in that same group.

will pay $50-$100 if anyone can help me with this, serious issue.

You should decrypt iteratively using the listshifter or orchestra plugin.

2 Likes

I made this plugin for myself https://encrypt-decrypt-lists.bubbleapps.io/version-test
where the project required to encrypt lists of messages in the DB to go in a repeating group. (eg these were chat messages). It’s really no different to all the other Encryption/Decryption plugins except it takes lists - which is what you need for Repeating Groups.

Otherwise I’d have to do what @jared.gibb suggests, which is totally viable.

The example page shows you how you might show a list of decrypted messages in a repeating group (using server side actions, custom states). All the other caveats and warnings folks are advising in this thread hold true. At the end of the day, your secret key is in Bubble itself, where you are also storing the data.

If you really want to understand Bubble security - read @petter security book.
http://forum.bubble.io/t/the-ultimate-guide-to-bubble-security-is-out-300-pages-of-privacy-and-security-content/200580

2 Likes

The security architecture that is closest to providing good guarantees of data privacy on the Bubble database is to only ever process encryption and decryption on the client side. And even then you could still write your app to send clear text data back. Unfortunately this architecture requires the user to carry a second secret, either a password, or key. If they lose or forget their secret Bubble password then there is no hope of recovery.

If you don’t want your Bubble devs or admins to see certain data in clear text then you CANNOT run encryption or decryption on the server as all action inputs are logged.

I would suggest requesting Bubble add a private checkbox on fields that triggers the field to be encrypted with the user’s password. For this to function Bubble would need to automatically recycle the encryption of those fields on password change, and would have to never log those values. This would go a long way towards gaining HIPAA compliance.

Addendum

Realizing that the user’s password is captured clear text on the client-side, it is possible to individually encrypt fields using the user’s password. Here is how on-boarding works:

  1. Capture the user created password on the client-side in the usual way
  2. On the client-side generate a public-private key pair with the private key encrypted by the user created password.
  3. Store both keys in the database.
  4. You can now safely encrypt and store private fields using the public key, making sure to run encryption on the client-side to avoid writing sensitive data to the logs.
  5. To decrypt, again capture the user’s password client-side, use the password to decrypt the private key, and then use the decrypted private key to decrypt the fields.

When a password is changed you will have to re-encrypt the private key on the client-side and then store the private key. The good part about this architecture is that you can always add encrypted information without a password, you just can’t retrieve it. As an added layer I would also recommend encrypting the private key using the users password salted with a random value that you also store in the database.

2 Likes
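The onboarding, decryption and password-change steps from the addendum above, as an added example using the browser's WebCrypto API (not code from the thread or from any Bubble plugin). The record field names, the PBKDF2 iteration count and the RSA-OAEP/AES-GCM choices are assumptions made for the example.

```javascript
// Added example. Field names in the stored record are assumptions, not Bubble's schema.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // fallback for older Node
const enc = new TextEncoder(), dec = new TextDecoder();
const RSA = { name: 'RSA-OAEP', hash: 'SHA-256' };
const GCM = (iv) => ({ name: 'AES-GCM', iv });
const rand = (n) => wc.getRandomValues(new Uint8Array(n));

// Stretch the password with the stored random salt into an AES-GCM wrapping key.
async function wrappingKey(password, salt) {
  const base = await wc.subtle.importKey('raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey({ name: 'PBKDF2', salt, iterations: 600000, hash: 'SHA-256' },
    base, { name: 'AES-GCM', length: 256 }, false, ['wrapKey', 'unwrapKey']);
}
// Encrypt (wrap) the private key under the password with a fresh salt and IV.
async function wrapPrivate(privateKey, password) {
  const salt = rand(16), iv = rand(12);
  const wrappedPrivateKey = await wc.subtle.wrapKey(
    'pkcs8', privateKey, await wrappingKey(password, salt), GCM(iv));
  return { wrappedPrivateKey, salt, iv };
}
// Recover the private key; AES-GCM authentication makes a wrong password reject.
async function unwrapPrivate(record, password, extractable = false) {
  return wc.subtle.unwrapKey('pkcs8', record.wrappedPrivateKey,
    await wrappingKey(password, record.salt), GCM(record.iv), RSA, extractable, ['decrypt']);
}
// Steps 1-3: generate the pair client-side; the returned record is what gets stored.
async function onboard(password) {
  const pair = await wc.subtle.generateKey(
    { ...RSA, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) },
    true, ['encrypt', 'decrypt']);
  const publicKey = await wc.subtle.exportKey('spki', pair.publicKey);
  return { publicKey, ...(await wrapPrivate(pair.privateKey, password)) };
}
// Step 4: public key only, no password (RSA-OAEP 2048/SHA-256 caps a field at 190 bytes).
async function encryptField(record, plaintext) {
  const pub = await wc.subtle.importKey('spki', record.publicKey, RSA, false, ['encrypt']);
  return wc.subtle.encrypt({ name: 'RSA-OAEP' }, pub, enc.encode(plaintext));
}
// Step 5: password -> private key -> plaintext.
async function decryptField(record, password, ciphertext) {
  const priv = await unwrapPrivate(record, password);
  return dec.decode(await wc.subtle.decrypt({ name: 'RSA-OAEP' }, priv, ciphertext));
}
// Password change: re-wrap the same private key; ciphertexts already stored stay valid.
async function changePassword(record, oldPassword, newPassword) {
  const priv = await unwrapPrivate(record, oldPassword, true);
  return { publicKey: record.publicKey, ...(await wrapPrivate(priv, newPassword)) };
}
```

Only the `publicKey`, `wrappedPrivateKey`, `salt` and `iv` values ever need to leave the browser; the password and the unwrapped private key stay client-side, which is what keeps them out of server logs.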

Again @xtechaus, that’s just not true. You can do this with the Zeroqode plugin. I do this on my app across many areas. You can see the official example for the plugin here,

There is an option in the plugin to automatically encrypt or decrypt several values in one go. Very useful for lists or dropdowns, etc.

1 Like

Thanks for all the response guys, I will check this stuff out and hopefully make my data safer. Does bubble.io give refunds for plugins?

That login in as function is a nightmare when you start working on anything that requires encryption.

1 Like

Hi, I am new to the forum. Are the privacy rules that are included in the data tab solving the problem here? (they are new aren’t they?)

Hi! I like this solution, but couldn’t a Bubble admin just add a button to a page with the same workflow, or even just “Do when true” (id parameter in url is empty) and the user can see it? Or even easier, just click the “visible now” button on the frame? And copy the “Get key” over to its own flow?