Encrypt field data for public API calls

[sshiling]

Hey, thanks for your work.
I played with a plugin, and it looks fantastic.
I need to implement almost the same functionality now, and I would like to know if we can enhance the plugin to match the needs. I might do the work, but I need a few hints on how it should be implemented.
In my case, I need the following functionality:

1. Fields should be decrypted in the admin panel.
2. Fields should be encrypted in public API call requests. In our case, fields will be decrypted by clients on their side if they know the secret.

Thanks for your time.

[Edwin-Luijten]

Hello sshiling,

To answer your questions:

1. This is already possible, you could also let only certain roles show the decrypted values.
2. I like that idea, I'll make the assumption that by clients you don't mean a frontend application hosted in a browser (IMO you could then just as easily decrypt it on the api side if the access level permits it). We could use asymmetric encryption for this. Where the CMS will use the public key to encrypt it, and another party has the private key to decrypt it. On the other side, you could protect that endpoint and only return said data when the access level permits it. Could you explain your use-case perhaps?

[sshiling]

In my case, the client is a front-end application. Definitely, it would be better to decrypt on the API side based on the access level. I need to apply this logic for all Strapi queries. Looking for a way to modify Strapi query response globally. What is the best way to do it?

UPD. The question is resolved.
Found out I can subscribe on db.lifecycles in the bootstrap hook (similar to the plugin implementation).