A Step-by-Step Guide to Encryption at Rest (EAR) in FileMaker

February 28, 2023

Security plays a vital role in any software application. Most of the time, standard approaches, like Startup login, encryption of password, etc., are followed. 'Manage Security' section of FileMaker provides different types of settings to manage various levels of access as well as privileges to the logged-in user.

Encryption at Rest goes beyond this by providing security to the FileMaker file when it is physically stored on a disk. Encrypting a database provides additional security to your FileMaker application.

What you need?

To encrypt one or more database files in FileMaker, you will need:

  • FileMaker account with [Full Access] privilege
  • Encryption Password
  • A shared ID

Steps to follow:

To encrypt a database, you should have the required FileMaker files stored locally. If the files are hosted on the server, you will need to unhost them, perform EAR, and then host again.

Filemaker Consultants

  • In FileMaker Pro client, go to menu 'Tools >> Developer utilities'.
  • Add the files you need to perform encryption on. In the case of a multi-file solution, add all the required files.
  • Specify one of the files as Primary.
  • Select the Project folder, where you would like to place the encrypted files after EAR is completed.
  • Under Specify Solutions options, select the 'Enable Database Encryption' option.
  • This will automatically select the option above 'Create Error log for any processing errors'. This log is important (but optional) since it creates a log file in the EAR folder. This file will let us know if the encryption was successful or if there were any errors. In the case of multiple files, the encryption status of each file is logged.
  • Specify a Shared ID; it links multiple encrypted files.
  • Specify a FileMaker Account with [Full Access] privilege. This will be for the Primary file specified above. If the other files have different [Full Access] password, then it will be prompted during the EAR process.
  • For the files, which are linked with each other via 'External data Source' and have different [Full Access] credentials, the login may be prompted more than one time for the same file.
  • Specify the encryption password. In case of multiple files, if the files' encryption passwords and shared IDs match, the user will not be prompted again for the encryption password. Enter a password hint, if needed.
  • The option 'Keep 'Open Storage' is checked if you do not want the container field data to be encrypted.
  • Click 'OK' to start the encryption

After EAR completion:

  • After the EAR process is completed, check the log file for encryption status.
  • In the case of external storage container, the EAR process will create the same folder structure for each file. Container data will be encrypted/not encrypted depending on the EAR option specified above.
  • Users will be prompted for encryption password when opening the files via FileMaker Pro or FileMaker Go locally.

File Maker expert

  • When the files are hosted on the FileMaker Server or FileMaker Cloud, users will be prompted for the encryption password before hosting. This password can be saved to automatically open encrypted files when the server restarts.
IMPORTANT When performing EAR on hosted files, copy the hosted files and related remote container folders locally where you would be performing the EAR. The remote container data is stored under ‘RC_Data_FMS’ folder under databases folder on server. In this ‘RC_Data_FMS’ folder, there is separate folder for each database that is hosted on the server. When copying remote container folders for EAR, you need to copy the folder which is inside each database folder to your local folder. If this is not done properly, it will result in container data not encrypting and also will show errors in the log file, especially when you are working with secured storage.

Remove Database encryption:

You can remove database encryption applied to a file or a set of files. It is a similar process as that of encryption.

Under 'Tools >> Developer Utilities', add the files you want to remove encryption from, select 'Remove Database Encryption' option. You will need the Encryption password and [Full Access] login details of the FileMaker files.

Filemaker Developers

Encryption at Rest is an essential aspect of data security in FileMaker. By following the above steps, you can encrypt your FileMaker database to provide an additional layer of security. If you have any doubts or need assistance, reach out to the team of experienced and certified FileMaker experts at MetaSys Software, your custom software development company.

Tags :

    Category :