Microsoft uses encryption technology to protect customer data while at rest in an environment's SQL Server database and Azure Storage.
All instances utilize Microsoft SQL Server Transparent Data Encryption (TDE) and Azure Storage encryption to perform real-time encryption of data when written to the disk at rest.
Finance and operations apps use server-side encryption using service-managed keys. All key management aspects such as key issuance, rotation, and backup are handled by Microsoft.
In addition to the default encryption at rest provided above, you can use the encryption API available in the Global X++ class. The methods Global::editEncryptedField() and Global::editEncryptedStringField() use the environment-specific data encryption certificate to perform data encryption and decryption. You can use these methods as an additional layer of protection beyond the default encryption at rest technology used for data storage.
Encryption in transit
Connections established between customers and Microsoft datacenters are encrypted, and all public endpoints are secured using industry-standard Transport Layer Security (TLS) 1.2. TLS effectively establishes a security-enhanced browser-to-server connection to help ensure data confidentiality and integrity between desktops and datacenters.
In today’s world, data security is very important. When working with Microsoft Dynamics 365 for Finance and Operations (D365F&O), safeguarding sensitive information like passwords or API Keys is crucial. One way to boost security is by creating an encrypted password or API Key field in D365F&O using X++. In this article, we’ll guide you through the process.
Why Encrypt Passwords?
Storing passwords or API Keys in plain text is a security risk. If unauthorized access is gained to your database, all passwords become vulnerable. By encrypting passwords, you add an extra layer of protection. Even if a data breach occurs, the malicious party will find it extremely difficult to decipher the encrypted data.
Step 1: Create a New Field
Begin by creating a new field in your table to store the encrypted password. In the Application Object Tree (AOT), navigate to Data Dictionary > Tables and find your target table. Right-click to add a new field that extends EncryptedField EDT. Name it something like “EncryptedPassword” or “EncryptedAPIKey“.
Step 2: Overwrite update and insert methods of the table
To handle encrypted values on the table during inserting and updating the record you should overwrite insert and update methods of the table and the logic to handle encryption.
1 public void update()2 {3 Global::handleEncryptedTablePreUpdate(this);4 super();5 Global::handleEncryptedTablePostUpdate(this);6 }7 public void insert()8 {9 Global::handleEncryptedTablePreInsert(this);10 super();11 Global::handleEncryptedTablePostInsert(this);12 }
Step 3: Code to Encrypt Password
Next step is write code to encrypt the password field. In order to do that an edit method should created for the password field. Creating a string EDT for storing decrypted password value is optional. You can use Password EDT if you are storing passwords up to 20 chars.
public edit FTD_APIKey passwordEdit(boolean _set, FTD_APIKey value)
{System.Exception ex;
FTD_APIKey apiKey = '';
try
{
apiKey = Global::editEncryptedField(this, value, fieldNum(FTD_OpenAIParameters, EncryptedAPIKey), _set);
}
catch (ex)
{
boolean exceptionNested = false;
while (ex != null)
{
exceptionNested = true;
ex = ex.InnerException;
}
if (_set)
{
warning("@FTD_Labels:FTDErrorPassSave");
}
else
{
warning("@FTD_Labels:FTDErrorPassRead");
}
}
return apiKey;
}
Step 4: Add edit method as a field on the form
Next step is adding the edit field in the form in order to set and display password/API Key in the form. After you added the field, change property Password Style to Yes. To decrypt stored password you can use the same password Edit method:
FTD_APIKey apiKey = openAIParameters.passwordEdit(false, '');
This is how the encrypted field will look like in the form:
This is how the encrypted field will look like in the database:
Comments
Post a Comment