By using the Cloud Assembly IaaS API to mark certain data as sensitive in a request body, you can store the data in encrypted form, and ensure that only the encrypted form of data is visible in the response. vRealize Automation decrypts the data only when the actual value is needed, for example before sending a request to the cloud.
Data encryption works for certain types of data and is limited to the following use cases:
- When provisioning resources such as machines, load balancers, disks, or networks, the following types of data support encryption:
- Custom property values for all types of resources.
- Remote access passwords for machines.
- Sensitive parts of the cloud config for machines.
- When creating or updating projects, custom properties support encryption.
- When updating a deployed machine, custom properties support encryption.
Note: Data encryption is only supported for deployed machines. It is not supported for discovered machines.
- When creating or updating image profiles, cloud config supports encryption. This means that you can mark parts of the cloud config script as sensitive. For example if the script includes passwords, you can mark the passwords as sensitive.