IQ Bot database encryption

The IQ Bot database is encrypted to prevent unauthorized access to sensitive information.

The following database tables and columns are encrypted because they store potentially sensitive data from documents:
  • FileManager.FieldLevelAccuracy.oldvalue
  • FileManager.FieldLevelAccuracy.newvalue
  • FileManager.FileDetails.filename
  • FileManager.SegmentedDocumentDetails.SegmentedDocument (data stays until the document is in the Validation queue)
  • FileManager.VisionBot.datalob
  • FileManager.VisionBotDocuments.VBotDocument
  • FileManager.TestSet.DocItems
  • FileManager.FileBlobs.fileblob
  • FileManager.VisionBotDocuments.CorrectedData
  • FileManager.DocumentPageCache.fileblob
Note: Although the data is encrypted, the APIs that use this data work as before.

Database encryption occurs in the following instances:

Database is encrypted during a fresh install of IQ Bot

By default, the database is encrypted, regardless of the installation type (fresh installation or an upgrade).
All files uploaded to IQ Bot (for training or production) are encrypted. The database administrator requires the encryption key to access any information in the database.

Database is encrypted during migration of learning instance

When a learning instance is exported, the archived (.iqba) data file is not encrypted. Instead, the data is exported in plain text format. However, when a learning instance is imported through an archived (.iqba) file, the updated IQ Bot database is encrypted regardless of the import options.
Note: Impacted areas constitute the import/export functionalities.

Database is encrypted during upgrade of IQ Bot from a previous version

When upgrading IQ Bot from an older version, the installer encrypts data related to the files in the database.
After completing the RabbitMQ v3.8.18 configuration step in the installer, database encryption begins, and the system shows an explanatory message. After the upgrade is complete, the system works as before.
If the encryption process fails, the installer shows an error message and the upgrade is rolled back to the previous version.
Note: Before the upgrade, copy and keep a backup of the database so you can revert to it if errors occur during the upgrade process.

As an administrator, you must be aware of the location and security of the encryption key. The encryption key file is not stored in a credential vault, but is located in the IQ Bot installation directory/Configurations/private.key. Secure the encryption key with appropriate access restrictions to significantly reduce the possibility that other users can decrypt the encrypted data.

The encryption key is shared across all servers of the IQ Bot cluster, to ensure seamless database encryption across all servers. If the encryption key is lost, uninstall and reinstall IQ Bot to restore functionality.
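
One way to check the access restrictions on the key file, as an added example that is not part of the vendor documentation. It assumes a Windows server; the installation directory and the service account names are supplied by you and are not taken from this page. Because the key is shared across the cluster, run it on every IQ Bot server.

```powershell
# Added example (not vendor code): audit the ACL on the IQ Bot encryption key.
[CmdletBinding()]
param(
    # Assumption: your IQ Bot installation directory, supplied by you.
    [Parameter(Mandatory)][string]$InstallDir,
    # Assumption: accounts that run IQ Bot services on this server,
    # e.g. 'CORP\svc-iqbot' (hypothetical name).
    [string[]]$ServiceAccount = @()
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$keyPath = Join-Path $InstallDir 'Configurations\private.key'
if (-not (Test-Path -LiteralPath $keyPath -PathType Leaf)) {
    throw "Key file not found: $keyPath"
}

# Allow-list expressed as SIDs so the check does not depend on OS display language.
$allowed = @('S-1-5-18', 'S-1-5-32-544')   # LocalSystem, BUILTIN\Administrators
foreach ($name in $ServiceAccount) {
    $allowed += ([System.Security.Principal.NTAccount]$name).Translate($sidType).Value
}

# Broad well-known groups that should never hold rights on a key file.
$broad = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'; 'S-1-5-32-545' = 'Users' }

$acl = Get-Acl -LiteralPath $keyPath
# Include explicit and inherited entries; report every Allow entry outside the allow-list.
$findings = foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
    $sid = $rule.IdentityReference.Value
    if ($rule.AccessControlType -ne 'Allow' -or $allowed -contains $sid) { continue }
    [pscustomobject]@{
        Sid       = $sid
        Severity  = if ($broad.ContainsKey($sid)) { 'High' } else { 'Review' }
        Rights    = $rule.FileSystemRights
        Inherited = $rule.IsInherited
    }
}

[pscustomobject]@{
    Path               = $keyPath
    Owner              = $acl.Owner
    InheritanceEnabled = -not $acl.AreAccessRulesProtected   # inherited ACEs widen access silently
    Findings           = @($findings)
}
```

An empty Findings list with InheritanceEnabled set to False means only the allow-listed principals hold rights on the key. Any entry marked High means a broad group can read the key and therefore decrypt the protected columns.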