HomeGuidesAPILog In

Security Settings

Enforce Minimum Password Length
Data Encryption KeySee below section
Parent urls that can iframe this siteEntries get added to the "Content-Security-Policy" response header in the frame-ancestors section. This tells the browser to allow these sites to have Produce in an iframe. Be aware that this also lowers the security on cookies as they have "same-site" set to "none". Multiple urls can be added by separating them by a space.

Data Encryption


WARNING: Do NOT lose the key material

If SmartIQ is no longer able to contact the chosen key wrapping technology, SmartIQ will NOT be able to decrypt or unwrap the DEK. Therefore, your data will be lost.

By default, SmartIQ enables Data Encryption for all cloud environments as well as all new installations by employing an industry standard technique known as key wrapping. Key wrapping is the process of encrypting one key using another key when transmitting and storing data.

SmartIQ uses the Data Encryption Key (DEK) to encrypt the data, which is then encrypted or wrapped using a Key Encryption Key (KEK). The wrapped DEK and KEK are stored/managed in distinct locations. Using key wrapping technologies ensures separation and provides another layer of encryption for different parties.

For example, SmartIQ has the DEK and the customer or tenant has their own KEK. This applies to the SmartIQ environment, as a whole. However, for multi-tenant environments, individual tenants have their own DEKs.

SmartIQ can integrate with the following key wrapping technologies:


Configuration Settings

Contact SmartIQ Support for information on how to configure the settings.

  • Azure Key Vault
  • AWS Key Management Service (AWS KMS)
  • Hardware Security Modules (HSMs) via the PKCS#11 standard

Enabling Data Encryption

The Encrypt Data option will always be on by default for all new installations.

Rotating the Data Encryption Keys

Key rotation is the process of moving to a new Data Encryption Key (DEK). SmartIQ automatically rotates the key every 12 months for compliance with standards.

SmartIQ recommends rotating the DEKs regularly because DEKs are designed to encrypt and decrypt data multiple times. And from the moment of rotation, encryption is performed with the new/current DEK. Stored data might be encrypted using several DEKs over time.

To manually rotate the keys:


User Permission

Only users with Manage Security permission will be able to access the Security settings in Manage and manually rotate the key.

you will see the version and expiration date of the current Data Encryption Key. Rotate and save.



The system may take up to ten (10) minutes for the previous key to be deactivated from the cache. Restart the site to force the system to use the new key.