Confidential Processes

KuFlow lets you mark processes as confidential so that their sensitive data is encrypted at rest. When a process is marked as confidential, all associated data is encrypted using a symmetric encryption key, which is managed by a highly secure external service. This ensures the highest level of data protection and compliance with modern security standards.

Key Features

  1. Encryption at Rest: All data associated with confidential processes is automatically encrypted to ensure its protection.

  2. Secure Key Management: Encryption keys are managed through an external, dedicated service designed to provide robust security and ensure proper separation of duties, minimizing the risk of unauthorized access.

  3. SDK Compatibility: To fully leverage this feature, ensure that you are using the latest versions of the KuFlow SDKs (e.g., kuflow-sdk-java v3.3.0+ or kuflow-sdk-js v3.1.0+). Older SDK versions do not support encryption and decryption workflows.

Limitations of Confidential Processes

Note

When enabling the Confidential option, consider the following implications:

  1. Performance Impact: Enabling confidentiality may result in a slight performance degradation, as data encryption and decryption processes require additional computational resources.

  2. Search Limitations: Since all task data is encrypted, search functionality will no longer work for fields or values within confidential tasks. It's not possible to query or filter tasks based on their encrypted data.

  3. Impact on Process Instances: If a process definition is marked as confidential, only new instances of that process will be confidential.

    • Existing instances will remain unchanged.
    • If the confidentiality setting is disabled later for the process definition, all new instances created afterward will no longer be confidential.
    • However, any instances previously marked as confidential will remain confidential.

Configuration Steps

  1. Enable Confidentiality in KuFlow UI: When defining a process in the KuFlow user interface, navigate to the Confidential Data section and enable the confidentiality option for the process.

  2. Update Your Integration: Make sure to use the latest KuFlow SDK versions in your integrations. The libraries will automatically handle data encryption and decryption processes without requiring extra manual configuration.
