Confidential Data Storing in Aras

Hi All ,

What would be the ideal way to store values in Aras that are confidential.

Example : I am calling an url from within an Aras Method and I do not want to expose the URL value in my Method or on the Item.

I was wondering  that somehow the value should be stored in the database in an encrypted format and decrypted in the Method where it is invoked.

Is there a way to achieve this in Aras and is this the correct approach to handle sensitive data.

Regards :)

  • Hi Shruti,

    unfortunately Aras doesn´t offer much information regarding secure design. But these kind of scenarios were you need extended security are pretty common.

    The solution depends on your Method type (JS/C#).

    For C# Method I asked a similar question some time ago in a previous Github project of mine. I got recommend to store the data in the InnovatorServerConfig instead of the Method: https://github.com/AngelaIp/add-ssrs-reports-to-vault/issues/1

    It should be possible to add some kind of additional encryption on top.

    For JS you could autogenerate the value on demand. It´s not as secure as storing data at the server. I mainly use this technique for spam protection.

    If you discovered a better variant, I would be happy to know!

  • Thanks , ill definitely check it out .