Disable encryption in ODK Central

1. What is the issue? Please be detailed.
We were doing a few tests about the use of encryption to prove its use. The different windows in order to enable encryption have multiple steps, however, there is no last window that confirms the encryption (only a next button in all windows).

We have encrypted a whole project that has 1 form. Due to the current usage through oData of this form and multiple uses through editing / previewing / editing, everything has been turned off with the current encryption.

Acknowledging that according to the current documentation (https://docs.getodk.org/central-encryption/) there is no way to disable encryption, but looks like in future versions it might be available. I wonder whether there is a current /non-public/ option to revert back this process? Anyone has faced a similar situation?

You're right, we are going to make some improvements there to make it clearer when encryption will be enabled.

It sounds like you only have non-encrypted submissions that came in before you turned ion encryption, is that right? If that's the case, you can turn off encryption at the database level and continue your prior usage.

The instructions below only apply if your project DOES NOT HAVE ENCRYPTED SUBMISSIONS. Any encrypted submissions in the project will become impossible to decrypt.

Instructions for disabling project-level encryption when there are no encrypted submissions
  1. Navigate to the accidentally-encrypted project in your browser and make note of the project ID at the end of the URL (e.g. in https://mycoolserver.getodk.cloud/#/projects/28, make note of 28)
  2. Connect to your Central database. If you use an external database, connect as you usually do. If you use the default database:
    1. SSH into your server, go to the central folder
    2. docker exec -it central_postgres_1 psql -U odk -W odk
  3. Clear the encryption key association with your project:
    UPDATE projects SET "keyId"=null WHERE id={the project id you saved above}
  4. Re-upload every form definition in the project. This is important because when you turn on encryption, form definitions get a public key injected in them. You MUST re-upload all forms or submissions will get encrypted without a way to decrypt them.
  5. Please read through these instructions and let me know if you have any questions. Consider trying this on a test project first.

1 Like