Decrypt Data action
The Decrypt Data action adds an extra layer of security and enables you to decrypt data in Architect flows by using your own encryption key. Use this action to decrypt PCI data after you call a data action to a back-end system.
This action uses the AWS Encryption SDK, which interacts with KMS. The SDK extracts the encrypted data key from the encryption result buffer, decrypts it, and then uses it to decrypt the data. Before you begin, make sure that you configure an AWS KMS symmetric key within Genesys Cloud. For more information, see Use an AWS KMS symmetric key for conversations.
- This action fully supports single-region KMS keys and partially supports multi-region KMS keys. For multi-region keys, however, the region in which the data is decrypted must be the same region in which that data is encrypted.
- The encryption services keeps key configuration for approximately 31 days. You can decrypt data with a previously used key and not the current key for up to 31 days. However, the key must still exist in KMS and the currently configured key must reside in the same account.
This action is available in the Customer Secured Data menu in the task editor Toolbox. Use this action in all flow types, excluding bot flows.
|Description and use
|Type a meaningful name for the action. The label you enter here becomes the action’s name displayed in the task sequence.
Data to Decrypt
The encrypted string value to decrypt back to a JSON value. To enter the encrypted string value, perform one of these steps
Architect generates encrypted string values from the Encrypt Data action. If you supply a NOT_SET string value or a blank String value to the action at runtime, execution takes the Failure output with an error reason string value of NoDataSupplied.
|Enter a variable name to hold the decrypted JSON value from the supplied encrypted string value.
Failure outputs include these fields:
Define success, failure, and output paths
This path indicates that the action successfully communicated with its external endpoint and received a result. Drag the appropriate action below the Success path that follows the route you want the interaction to take.
Note: A completed Success path indicates that no errors were encountered during the process. It is not a measure of whether the data received is the intended result or functionality.
This path indicates that an error occurred while running the action or a problem occurred while processing the results from a data action. Drag the appropriate action below the Failure path and direct the route you want the interaction to take.
Note: If the network experiences connectivity issues, the action automatically takes this failure path.