Latest User Testimonial
Latest flowlog News
Issue with flowlog.net? Is flowlog missing a critical feature? Something else?
Documentation -> flowlog account admin -> Autonomous Account Encryption -> Usage Details and Warnings
TLDR; With great power, comes great responsibility.
If you choose to enable Autonomous Account Encryption, you will immediately be redirected to a page that displays your unique key. You will want to copy and save that key right then (including the "base64:" part), as flowlog will ask for it on the very next page load, and will start using it to encrypt any newly saved data right away. Please consider saving your key to three different locations/mediums. flowlog.net can't do anything to help if you lose your key, as flowlog.net doesn't save a copy. For the same reason, flowlog can't check your key for correctness, so if you provide a different key that is the right format and length, flowlog will use it to encrypt your data, without so much as a peep. If you accidentally use two different keys at two different times some data will be encrypted with one key, and some data with another, and your account will be, effectively borked, because you won't be able to decrypt all your data at any one time.
You can disable the feature anytime you want, and flowlog will decrypt all your data in the database, and destroy your key in the session. You can re-enable after that, anytime, and flowlog will generate a new key for you to use. Please remember the previous warning about mixing up keys.
Please also be advised that this feature may not be suited for accounts with more than one user in many cases, as all your flowlog account users will need your account encryption key to be able to use flowlog. In this scenario, every user would have the power to accidentally or maliciously lock the data away with some eroneus key(s), not just editors.
There is also the risk of some catastrophic bug or incompatability with some software component that prevents decrypting temporarily, or some worse disaster. flowlog admins who choose to enable this feature should expect to back up their data frequently to be on the safe side. Also, until an export feature is implemented, more manual backup methods would be necessary or you may choose to wait on an export feature to be implemented before enabling AAE.
If you choose not to enable Autonomous Account Encryption, your data is still protected by the robust security stanse of the whole hosting stack. Please see the security section of the home/features page for more details on that.
For users that require the most stringent privacy/data protections possible, we think you'll appreciate the peace of mind that comes with Autonomous Account Encryption.