Hide menu Last updated: Jun 30 2017
Area: Episerver Add-ons Applies to versions: Forms 4.6 and higher

Encrypting forms

By default, form submission data is stored as plain text. However, in some environments, the law requires that the data be encrypted. This topic explains how to enable encryption for forms, authorize users to work with it, and how it impacts the Forms feature.

Azure KeyVault

Episerver uses Azure KeyVault to store the symmetric algorithm key. Episerver then retrieves the key from KeyVault and uses it for encryption and decryption. For more information, see:

Data block and key size of symmetric algorithm

Episerver uses the Advanced Encryption Standard (AES) to encrypt and decrypt data. AES has two main concepts:

  • Data block size. Episerver follows the standard 128-bit length.
  • Key size. Episerver supports three types: 128 bits, 192 bits, and 256 bits.

Azure KeyVault refers to their key as a "secret." To use encryption mode, create a secret on Azure KeyVault. Episerver retrieves your secret key from the KeyVault server and uses it in the encryption engine's symmetric algorithm. The secret should be base-64 encoded, meaning its characters are in the ASCII range of UTF8, and each character is 1 byte. So, the secret should contain only 16 characters for a key size of 128 bits, 24 characters for a key size of 192 bits, and 32 characters for a key size of 256 bits.

Configuring encryption

To enable form encryption, follow these steps.


  1. Open the Forms.config file.
  2. Before the <providers> section, add a <storage defaultProvider="DdsEncryptedPermanentStorage"> element.

3. Within the <providers> element, specify three Azure KeyVault–related parameters for the cryptographic engine. See also: Azure KeyVault.

    • ClientId. Application ID registered with Azure Active Directory.
    • ClientSecret. The key created for the application in Active Directory.
    • KeyIdentifier. The endpoint used for communication with Azure KeyVault. Used to retrieve token access, public key retrieval, and data decryption.

4. Restart your site.

After you complete these steps, all forms data is encrypted before being saved (except system fields).

Sample Forms.config file excerpt

<add name="DdsEncryptedPermanentStorage" type="EPiServer.Forms.Core.Data.Internal.DdsEncryptedPermanentStorage, EPiServer.Forms.Core"
cryptoEngineType="EPiServer.Forms.Crypto.AzureKeyVault.Internal.AzureKeyVaultCryptoEngine, PiServer.Forms.Crypto.AzureKeyVault"

Note: To return to Forms normal mode (which does not encrypt data), set DdsPermanentStorage as the storage element's default provider.

Enabling users for encryption

When you want certain users to access the Submission View, which lets users see encrypted data and export decrypted data, create a new role and assign to it the privileges eligible to access form data.  Those privileges are defined in minimumAccessRightLevelToReadFormData element of the Forms.config file for the Episerver Forms folder, such as shows in the following example.

Minimum access rights

 Next, assign the role to appropriate users.

From now on, those users can view encrypted data and see an option to export as Decrypted CSV data.

View encrypted CSV

Decryption mode performance issues

Currently, the asynchronous export of decrypted CSV files is not supported. Because encryption is a time-consuming operation, if forms contain a large amount of data and the allowed time is too short, timeouts may occur. To use decryption more efficiently, you should increase your system timeout.

Impact on other functionality

Sort functionality

When using encryption mode, all columns must have the data type of string (except system columns). As a result, the sort functionality does not work because it is based on numeric data types.

Data storage

Normally, when a user clicks the Next button, data is saved to the database. But in encryption mode submission data is saved only when a user finalizes a submission, to enhance performance. This is because data must be encrypted before it is saved, and encryption is a resource-consuming operation.

Progressive button

For performance and security reasons, the progressive button does not work in encryption mode. If a session expires, users are required to refill form data from the beginning. Old data is removed.

Additional information