Protecting Sensitive Data
By using the Cloud Assembly IaaS API to mark certain data as sensitive in a request body, you can store the data in encrypted form and ensure that only the encrypted form of the data is visible in the response. vRealize Automation Cloud decrypts the data only when the actual value is needed, for example, before sending a request to the cloud.
Data encryption works for certain types of data and is limited to the following use cases:
- When provisioning resources such as machines, load balancers, disks, or networks, the following types of data support encryption:
  - Custom property values for all types of resources.
  - Remote access passwords for machines.
  - Sensitive parts of the cloud config for machines.
- When creating or updating projects, custom properties support encryption.
- When updating a deployed machine, custom properties support encryption.
  Note: Data encryption is only supported for deployed machines. It is not supported for discovered machines.
- When creating or updating image profiles, cloud config supports encryption. This means that you can mark parts of the cloud config script as sensitive. For example, if the script includes passwords, you can mark the passwords as sensitive.