# Data Protection

{% hint style="info" %}
Data Protection ensures the secure storage of sensitive data in the database, such as device encryption keys, passwords, and OTP secrets.
{% endhint %}

### **Protected Data:**

* **Device Keys**: Encryption keys for Security Keys.
* **Passwords**: Including "Shared Account" passwords.
* **OTP Secrets**: Temporarily stored during transfer to devices.

### **How It Works**

Sensitive data fields in the database are encrypted using AES-256 encryption. The master encryption key is itself encrypted using a system-installed certificate. This key is decrypted at server startup, and all protected data is decrypted as needed.

### How to Configure Data Protection

1. Go to the **Dashboard** and click **Configure** in the Data Protection section, or navigate to **Settings → Data Protection**.

<figure><img src="/files/ECjTHuoigIHLSjCkqPL5" alt="" width="563"><figcaption></figcaption></figure>

2. Enter a password for the certificate and download the certificate.\
   (If you don't have a certificate, you can create a self-signed one.)

<figure><img src="/files/g9gi8Cp3nXx4xoEUAeRi" alt="" width="563"><figcaption></figcaption></figure>

3. Click **Enable Protection**.
4. Choose the downloaded certificate and enter the password from Step 2.
5. Check the boxes:
   * "I made a backup and I am aware of the potential risks"
   * "I have shut down all standby servers and will install the certificate as soon as they are restarted"
6. Click **Next** to complete the configuration.
7. Choose **Restart Now** or **Restart Later** to apply the changes.

<div><figure><img src="/files/VFcd30ORtPA066Cu05kh" alt=""><figcaption></figcaption></figure> <figure><img src="/files/0Us6044qgCrzOaNgS2To" alt=""><figcaption></figcaption></figure> <figure><img src="/files/OD3ZV2DMRcoAGoOQqBup" alt=""><figcaption></figcaption></figure></div>

**Now Data Protection is enabled.**

<figure><img src="/files/2VUZutIZCA0d16YUtkxG" alt="" width="563"><figcaption></figcaption></figure>

You can also:

* **Change the Data Protection Certificate** or

<figure><img src="/files/np6eClXcdXp4xi3kI9UJ" alt="" width="279"><figcaption></figcaption></figure>

* **Disable Data Protection** when needed.

<figure><img src="/files/2HAc37kmyCaDFFYlDkiR" alt="" width="279"><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://enterprise.hideez.com/hideez-enterprise-server/administration/data-protection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.