createStringAttribute encrypted still shows plaintext

  • 0
  • Self Hosted
  • Databases
ZachHandley
15 Dec, 2023, 19:19

as the title specifies, I am trying to create an SSN attribute and a federalTaxId and after using the createStringAttribute with encrypted true it still shows as plain text in the console, is that on purpose or?

TL;DR
The user is asking why the encrypted string attribute still shows as plaintext in the console of Appwrite. The response explains that the encryption in Appwrite ensures data is encrypted in the database, but it is decrypted when fetched from the database and returned from the API. If this does not work for the user, they need to find an alternative solution. The console should not be visible to anyone but the user. The user suggests that it should be encrypted in the console. The solution is not provided in the thread.

ZachHandley
15 Dec, 2023, 19:30

@Drake is this supposed to work like this?

ZachHandley
15 Dec, 2023, 19:31

@D5

D5
15 Dec, 2023, 19:32

I think in console yes

Drake
15 Dec, 2023, 19:32

Yes, the data is encrypted in the database

D5
15 Dec, 2023, 19:32

Console decrypts it

ZachHandley
15 Dec, 2023, 19:32

but it should 1000% be encrypted in the console still IMO

Drake
15 Dec, 2023, 19:33

how would you decrypt it?

ZachHandley
15 Dec, 2023, 19:33

Only on usage

Drake
15 Dec, 2023, 19:33

The console is...using..it

ZachHandley
15 Dec, 2023, 19:33

I get what you're saying

ZachHandley
15 Dec, 2023, 19:33

But it's not secure to have SSNs in plain text anywhere

ZachHandley
15 Dec, 2023, 19:34

they should, in theory, be always encrypted and never visible unless it's specifically needed for something and even then usually the last 4, it's just used in this case to verify their application and they are who they say they are, credit check, that good stuff

ZachHandley
15 Dec, 2023, 19:36

I guess technically the console should never be visible to anyone but me but

Drake
15 Dec, 2023, 19:36

so when you're dealing with encryption, the big things to always ask are when does it need to be encrypted/decrypted.

The encryption that Appwrite provides for string attributes ensures the data is encrypted in the database so that someone looking at the database can't see the value. When the data is fetched from the database, it's decrypted and when it's returned from the API, it's plaintext

If this doesn't work for you, you'll have to look into an alternative

ZachHandley
15 Dec, 2023, 19:37

fair enough

Drake
15 Dec, 2023, 19:38

that said, it could be a good feature request to hide encrypted strings like how we hide API keys, function variables, etc. Honestly, the console hasn't been updated for encrypted string attributes at all 😅

ZachHandley
15 Dec, 2023, 19:38

it's totally understandable, I mean even thinking it through logically like

ZachHandley
15 Dec, 2023, 19:38

it's just me that can see it but

ZachHandley
15 Dec, 2023, 19:38

part of PCI compliance is just that it's not a string and visible in any context unless it's being used

ZachHandley
15 Dec, 2023, 19:38

for its purpose

ZachHandley
15 Dec, 2023, 19:39

and it might even be fine how it is, tbh I don't know, cause it's just me, but anyways yeah I figure it could be neat

Drake
15 Dec, 2023, 19:43

depending on your use case, you could maybe store last 4 as an encrypted string. Or you could store a hash

ZachHandley
15 Dec, 2023, 20:30

true
