|Enforce Minimum Password Length|
|Data Encryption Key||See the section below|
|Parent urls that can iframe this site||Entries are added to the frame-ancestors section of the "Content-Security-Policy" response header. This tells the browser to allow these sites to embed Produce in an iframe. Be aware that this also lowers the security of cookies, as they have "same-site" set to "none". Multiple URLs can be added, separated by a space.|
WARNING: Do NOT lose the key material
If SmartIQ is no longer able to contact the chosen key wrapping technology, SmartIQ will NOT be able to decrypt or unwrap the DEK. Therefore, your data will be lost.
By default, SmartIQ enables Data Encryption for all cloud environments and all new installations by employing an industry-standard technique known as key wrapping. Key wrapping is the process of encrypting one key using another key when transmitting and storing data.
SmartIQ uses the Data Encryption Key (DEK) to encrypt the data. The DEK is then encrypted, or wrapped, using a Key Encryption Key (KEK). The wrapped DEK and the KEK are stored and managed in distinct locations. Using key wrapping technologies ensures separation and provides another layer of encryption for different parties.
For example, SmartIQ has the DEK and the customer or tenant has their own KEK. This applies to the SmartIQ environment as a whole. However, for multi-tenant environments, individual tenants have their own DEKs.
SmartIQ can integrate with the following key wrapping technologies:
- Azure Key Vault
- AWS Key Management Service (AWS KMS)
- Hardware Security Modules (HSMs) via the PKCS#11 standard
Contact SmartIQ Support for information on how to configure the settings.
The Encrypt Data option will always be on by default for all new installations.
Key rotation is the process of moving to a new Data Encryption Key (DEK). SmartIQ automatically rotates the key every 12 months for compliance with standards.
SmartIQ recommends rotating the DEKs regularly because DEKs are designed to encrypt and decrypt data multiple times. From the moment of rotation, encryption is performed with the new (current) DEK. Stored data might therefore be encrypted using several DEKs over time.
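The scheme described above, as an added Node.js example (not SmartIQ's own code): data is encrypted with a versioned DEK, each DEK is stored only in wrapped form, and records written before a rotation stay readable because the older wrapped DEKs are kept. It assumes AES-256-GCM for both data encryption and wrapping, and a KEK held in memory as a stand-in for Azure Key Vault, AWS KMS or an HSM; `Keyring`, `seal`, `open` and `demo` are hypothetical names.

```javascript
const nodeCrypto = require('node:crypto');

// AES-256-GCM helper. Blob layout: nonce (12) || auth tag (16) || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Throws if the key is wrong or the blob was modified (GCM tag mismatch).
function open(key, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Application-side store: only wrapped DEKs, by version. The KEK is passed in
// per call to model it living in a separate key wrapping service (assumption).
class Keyring {
  constructor() { this.wrapped = new Map(); this.current = 0; }
  rotate(kek) {
    this.current += 1; // new writes use this version from now on
    this.wrapped.set(this.current, seal(kek, nodeCrypto.randomBytes(32)));
    return this.current;
  }
  encrypt(kek, plaintext) {
    if (!this.current) throw new Error('no DEK yet: call rotate() first');
    const dek = open(kek, this.wrapped.get(this.current));
    return { version: this.current, data: seal(dek, plaintext) };
  }
  decrypt(kek, record) {
    const wrapped = this.wrapped.get(record.version);
    if (!wrapped) throw new Error(`no wrapped DEK for version ${record.version}`);
    return open(open(kek, wrapped), record.data); // unwrap DEK, then decrypt data
  }
}

// Constructed sample run: one record written on each side of a rotation.
function demo() {
  const kek = nodeCrypto.randomBytes(32);
  const ring = new Keyring();
  ring.rotate(kek);
  const a = ring.encrypt(kek, 'written before rotation');
  ring.rotate(kek);
  const b = ring.encrypt(kek, 'written after rotation');
  return { versions: [a.version, b.version], first: ring.decrypt(kek, a).toString() };
}
```

Calling `decrypt` with any KEK other than the one that wrapped the DEK throws, which is the data-loss case the warning above describes.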
To manually rotate the keys:
Only users with Manage Security permission will be able to access the Security settings in Manage and manually rotate the key.
you will see the version and expiration date of the current Data Encryption Key. Rotate and save.
It may take up to ten (10) minutes for the previous key to be deactivated from the cache. Restart the site to force the system to use the new key.