Flow: Encryption

Data encryption allows sensitive data such as bank account details of a customer to be transported securely over public internet. This is on top of the SSL encryption over HTTPs applied for the custom event API.
The node specific configuration is accessed by double-clicking on the node.



This tab is used to set parameters that encrypts plain text.


Table below describes the parameters in the settings tab.



Encryption method

AWS-Key Management Service (AWS-KMS)

Access key

User identity generated at client-side, enables the client to have their own Access key.
This can be done by creating a new Identity and Access Management (IAM) user identity for each client requiring encryption, with permission to manage their own password.

Secret key

It is generated along with the Access key - for each user account a secret key is generated.

AWS Region

User's must set the region to the one where the master key is generated.

Plain text

Encrypted text.


Store response variable.

Encryption context

Must be set to the expected session ID, to be used later within the flow. Enter a list of encryption context as key and value pairs:

  • key
  • value

Grant tokens

A list of grant tokens as name value pairs (maximum of 10).

Store response

Enter the session data variable to store value in the following parameters:

  • Ciphertext
  • KeyId
  • x-amzn-RequestId


For information on session data, click here.


For information on custom logs, click here.


Node events lists all outcomes of this node. You can add custom labels or terminate an event by setting the reason for termination.

ondependencytimeoutThe system timed out while trying to fulfill the request. The request can be retried.
onsuccessThis event is triggered if the node flow is completed successfully.
onerrorThis event is triggered if an error occurs.
onkeyunavailableThe request was rejected because the specified CMK was not available. The request can be retried.