Configure Comments Encryption

As an administrator, you can encrypt or decrypt comments within your landscape using your crypto server settings. You can enable or disable the encryption feature from the System Administration menu.

About Encrypting and Decrypting Comments

You can encrypt comments placed on your SAP Analytics Cloud stories within your landscape before sending them across the network to SAP Analytics Cloud for storage. The encrypted comments are retrieved from SAP Analytics Cloud storage and decrypted within your landscape when viewing stories.

Note

The commenting service will not be available for a brief period, in the following scenarios:

  • While onboarding, when the Encrypt Comments option is switched on and the encryption is in progress

  • While offboarding, when the Encrypt Comments option is switched off and the decryption is in progress

  • During key rotation, which means a new key has been generated for the crypto server

  • If the crypto server runs into an error

Who Does This Apply To?

  • Admin and BI Admin standard application roles.

Getting Started with Comment Encryption in Your Tenant

Prerequisites

  • You must send a request to SAP support to enable this feature in your tenant.
  • You must have an encryption server within your landscape. For more information on how to implement crypto server APIs, check out the dedicated SAP Note: 3322626 Information published on SAP site.

Comment Encryption Overview Diagram

The following diagram shows how comment encryption and decryption work within your landscape after onboarding the comment encryption feature.

The comments are encrypted within your landscape when you add them to your stories and sent across the network for storage. When you view comments on your stories, they are retrieved from storage and decrypted within your landscape.

Diagram showing the comment encryption and decryption workflow.

Onboarding Comment Encryption Feature in Your Tenant

Context

You can enable the encryption feature to encrypt comments, including previously added comments. This workflow encrypts all the comments in your tenant within your landscape using the on-premise crypto server.
Note

While the encryption process is in progress, the commenting service is not available. Therefore, it is recommended that you plan this activity during system downtime.

Procedure

  1. From the navigation bar on the home page, go to Start of the navigation pathSystem Next navigation step AdministrationEnd of the navigation path.
  2. Under the External Systems tab, navigate to the Crypto Server Configuration option.
  3. Click the Edit icon to edit the page.
  4. Toggle on the Encrypt Comments switch to initiate the encryption process.
  5. Enter the crypto server URL in the Server URL field.
    Note

    While keying in the server URL, make sure that the https text from the server URL is omitted as the system automatically picks up the secure connection prefix and you may get an error.

  6. Click Check Connection to establish the connection with the crypto server in your landscape.
    Note

    Do note close or refresh the brower while the encryption is in progress as it will fail and can be resumed only after a period of ten minutes. Also, the commenting service will be unavailable during this period.

  7. Once the connection is validated and you get a success toast message, click the save icon.

Results

Encrypting comments is enabled. All the comments including the existing comments are encrypted before saving it on SAP Analytics Cloud storage, and are retrieved from SAP Analytics Cloud storage, decrypted within your landscape when viewing stories.

Offboarding Comment Encryption Feature in Your Tenant

Context

You can choose to disable comment encryption in your tenant if you no longer need the encryption service.
Note

While offboarding comment encryption process is in progress, the commenting service is not available. Therefore, it is recommended that you plan this activity during system downtime.

To disable the comment encryption,

Procedure

  1. From the navigation bar on the home page, go to Start of the navigation pathSystem Next navigation step Administration Next navigation step External Systems Next navigation step Crypto Server ConfigurationEnd of the navigation path.
  2. Click the Edit icon to edit the page.
  3. Toggle off the Encrypt Comments switch to initiate the decryption process.
  4. Once the decryption is complete and you get a success toast message, click the save icon.

Results

All the encrypted comments are decrypted within your landscape and the comment encryption feature is disabled.

Encrypting Comments Using a New Key

Context

Key rotation is the process of retiring an old encryption key and replacing it with a new encryption key. During the key roation, you enable the crypto server to decrypt the comments using the old encryption key and encrypt the comments again using a new encryption key.

Procedure

  1. From the navigation bar on the home page, go to Start of the navigation pathSystem Next navigation step Administration Next navigation step External Systems Next navigation step Crypto Server ConfigurationEnd of the navigation path.
  2. Click Encrypt under the Encrypt Using New Key option.

Results

Comments are encrypted using the new encryption key.

Note

Every time the crypto key changes, make sure that the comments are encrypted using the new key. Also, note that the commenting service will not be available while encrypting using the new key.

Remember
  • It is recommended not to enable BYOK and comment encryption together.
  • Encryption and decryption work for comments on acquired models only.
  • SAP is not responsible for issues arising from using the crypto server.
  • Data lost or corrupted due to crypto server cannot be retrieved back by SAP.