Skip to main content

Troubleshooting Encryption Failures

SecureField comes in 2 flavors: ThorAPI built-in and the SecureField KMS which is included with ValkyrAI.

Out of the box, ThorAPI requires setting of the THORAPI_SECRET_KEY value as the only way to change the key. Custom solutions built on top of ThorAPI can of course manage the keys any way you desire.

ValkyrAI on the other hand has a built-in Key Management System, which allows for automated rotation of keys, and the ability to manage multiple keys at once with the same databases.

If there is a problem with the key management, or a key is corrupted or otherwise somehow made unusable, then the SecureField system will not be able to decrypt previously encrypted values and will return a standard error message such as:

{'error':'decryption failure: Tag mismatch'}

Since there are innumerable ways in which key data might be compromised or made unavailable, it is outside of the scope of this README to consider all possibilities.

For this reason it is important that any key created by you and used with SecureField encryption be managed carefully.

NOTE: As long as you have the valid key associated with a piece of encrypted data, you will always be able to decrypt it using the open source ThorAPI decryption utilities.