Data Protection

Hideez Enterprise Server – Data protection

Data Protection ensures the secure storage of sensitive data in the database, such as device encryption keys, passwords, and OTP secrets.

Protected Data:

  • Device Keys: Encryption keys for Security Keys.

  • Passwords: Including "Shared Account" passwords.

  • OTP Secrets: Temporarily stored during transfer to devices.

How It Works

Sensitive data fields in the database are encrypted with AES-256. The master encryption key is itself encrypted with a certificate installed on the system. The server decrypts this key at startup and then decrypts protected data as needed.
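
The key hierarchy described above, sketched with the OpenSSL command line as an added example (not Hideez code and not the server's actual implementation). The RSA-OAEP wrapping, the CBC mode, the file names and the sample secret are assumptions for illustration; the page itself specifies only AES-256 and a certificate-protected master key.

```shell
#!/bin/sh
# Added illustration (not Hideez code) of the hierarchy: certificate -> master key -> field.
# Assumptions: RSA-2048 self-signed certificate, RSA-OAEP key wrapping, AES-256-CBC fields.
# CBC is used only because `openssl enc` has no AEAD mode; prefer authenticated encryption.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_cert() {            # $1 = name; writes $1.pem (certificate) and $1.key (private key)
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

wrap_master_key() {      # $1 = certificate name; only the wrapped key is kept on disk
  openssl rand 32 > "$WORK/master.bin"
  openssl pkeyutl -encrypt -certin -inkey "$WORK/$1.pem" -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/master.bin" -out "$WORK/master.wrapped"
  rm -f "$WORK/master.bin"
}

unwrap_master_key() {    # $1 = certificate name; the "server startup" step, prints hex key
  openssl pkeyutl -decrypt -inkey "$WORK/$1.key" -pkeyopt rsa_padding_mode:oaep \
    -in "$WORK/master.wrapped" -out "$WORK/master.tmp" 2>/dev/null || return 1
  od -An -v -tx1 "$WORK/master.tmp" | tr -d ' \n'
  rm -f "$WORK/master.tmp"
}

encrypt_field() {        # $1 = plaintext, $2 = hex master key; prints "iv:base64-ciphertext"
  iv=$(openssl rand -hex 16)
  ct=$(printf '%s' "$1" | openssl enc -aes-256-cbc -K "$2" -iv "$iv" -a -A)
  printf '%s:%s\n' "$iv" "$ct"
}

decrypt_field() {        # $1 = "iv:base64-ciphertext", $2 = hex master key
  printf '%s\n' "${1#*:}" | openssl enc -d -aes-256-cbc -K "$2" -iv "${1%%:*}" -a -A
}

make_cert installed; make_cert replacement
wrap_master_key installed
key=$(unwrap_master_key installed)
row=$(encrypt_field "constructed-otp-secret" "$key")   # constructed sample value
echo "stored in database: $row"
echo "after restart:      $(decrypt_field "$row" "$(unwrap_master_key installed)")"
# A different certificate cannot unwrap the master key, so every field stays ciphertext.
unwrap_master_key replacement >/dev/null || echo "replacement certificate: unwrap failed"
```

Losing the certificate's private key makes the wrapped master key, and every field encrypted under it, unrecoverable, so keep the downloaded certificate and its password backed up.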

How to Configure Data Protection

  1. Go to the Dashboard and click Configure in the Data Protection section, or navigate to Settings → Data Protection.

  2. Enter a password for the certificate and download the certificate. (If you don't have a certificate, you can create a self-signed one.)

  3. Click Enable Protection.

  4. Choose the downloaded certificate and enter the password from Step 2.

  5. Check the boxes:

    • "I made a backup and I am aware of the potential risks"

    • "I have shut down all standby servers and will install the certificate as soon as they are restarted"

  6. Click Next to complete the configuration.

  7. Choose Restart Now or Restart Later to apply the changes.

Now Data Protection is enabled.

You can also:

  • Change the Data Protection Certificate or

  • Disable Data Protection when needed.
