What is the difference between one-way and two-way encryption?

One-way encryption is a cryptographic hash — the original value cannot be mathematically recovered from the hash output. It is appropriate for anonymization and pseudonymization where the goal is to prevent the original value from being read by anyone. Two-way encryption is reversible — the original value can be recovered using the correct decryption key. It is appropriate for data protection scenarios where authorized workflows need the original value.

Is SHA-256 hashing the same as encryption?

SHA-256 is a cryptographic hash function, not a reversible cipher. The term 'one-way encryption' in this context refers to the hash producing a fixed-length output that cannot be reversed. For true data anonymization under GDPR, using a cryptographic hash as pseudonymization is a recognized approach, but it should be paired with other controls and key management if re-identification is a concern.

Does the same input always produce the same hash output?

Yes. SHA-256 and SHA-1 are deterministic — the same input string always produces the same hash output. This means that the same customer name or email address will hash to the same value across all pipeline runs, enabling consistent cross-pipeline matching using the hash as an anonymized key.

Is the original column replaced or is a new column added?

The values in the selected columns are replaced in-place — the original plaintext value is replaced by the encrypted or hashed value within the same column. To preserve the original values alongside the encrypted values for any downstream comparison, add a Copy Column step before encrypting to create a backup of the original column.

What happens to null values in encrypted columns?

Null values in selected columns remain null after encryption. The transformation only encrypts non-null cell values.

Data TransformationSecurityAdvanced

Encrypt Column

Infoveave Data Automation — Security

Your pipeline processes names and email addresses. Before the data lands in a shared analytics table, encrypt them. One-way hash for anonymization, two-way for recovery when needed — no cryptography library required.

Data pipelines that handle personally identifiable information (PII), financial account numbers, credentials, or sensitive health data must protect those values before the data reaches downstream systems, shared databases, or third-party analytics tools. Applying encryption in the pipeline — before data is written — ensures that unencrypted sensitive values never appear in analytics tables, data marts, or exported files. Implementing column encryption normally requires using cryptographic library functions (hashlib, cryptography in Python; HASHBYTES in SQL Server; MD5/SHA2 in MySQL) and managing encryption keys or salt values in code. Encrypt Column integrates this capability into the no-code pipeline with two modes: one-way hashing for irreversible anonymization (appropriate for pseudonymization in GDPR and HIPAA contexts) and two-way symmetric encryption for cases where the original value must be recoverable by an authorized party using the decryption step.

Input:Tabular dataset with one or more columns containing sensitive data values such as names, email addresses, national IDs, financial account numbers, or credentials that will be replaced with encrypted or hashed representationsOutput:Tabular dataset where the values in selected columns are replaced with their encrypted equivalents — fixed-length hash strings for one-way encryption or UUID-style encrypted strings for two-way encryption

Book a Demo View Documentation

Try Encrypt Column in Infoveave

No SQL or scripting required
Visual drag-and-drop workflow builder
Runs automatically on a schedule
Connects to 100+ data sources

Part of Infoveave Data Automation

What Encrypt Column does

Encrypt sensitive column values using one-way irreversible hashing (SHA-256, SHA-1) or two-way symmetric reversible encryption in Infoveave. Protect PII, financial data, credentials, and personal identifiers in data pipelines without cryptography libraries or database encryption functions — and without exposing unencrypted data in intermediate pipeline steps.

When to use Encrypt Column

Your pipeline processes PII columns — names, email addresses, national IDs, phone numbers — that must be anonymized or pseudonymized before loading into a shared analytics environment, data warehouse, or third-party BI tool
You need to hash user identifier columns to produce consistent, anonymized surrogate keys that can be used for cross-system matching without exposing the actual identifier — SHA-256 hashing produces a consistent hash for the same value every time
Your data must comply with GDPR, HIPAA, or CCPA requirements mandating that personal data is processed with appropriate technical safeguards — encrypting PII columns in the pipeline before storage is a common compliance control
You need reversible encryption for data that must be decryptable by authorized systems or workflows — use two-way encryption with a secure password so downstream processes can decrypt the values when the original is needed

When to avoid it

You want to decrypt previously encrypted column values to recover original data — use Decrypt Columns with the same password used during encryption
You need to mask data by replacing it with fake but realistic values (such as fake names or random phone numbers) rather than encrypting or hashing it — use a data masking step instead
You intend to use hashed values for security login or authentication — pipeline-level hashing is designed for data anonymization in analytics pipelines, not for production authentication systems which require proper password hashing with salting (bcrypt, Argon2)

Where it fits in your Infoveave automation

Encrypt Column is one step inside a multi-step Infoveave workflow. Chain it with other activities — no code, no manual hand-offs.

ConnectLoad datasets containing PII, financial identifiers, credentials, or other sensitive column values that must be protected before downstream storage or sharing

ValidateConfirm which columns contain sensitive data requiring encryption and which encryption mode is appropriate — one-way for anonymous aggregation, two-way for authorized recovery

You are hereEncryptSelect the sensitive columns, choose the encryption type and algorithm, configure the password if using two-way, and apply the encryption step

LoadStore the encrypted dataset in the target system — the sensitive values are now protected and will not appear in plaintext in the destination table or file

Decrypt (if needed)Use the Decrypt Columns step with the same password to recover original values in authorized internal workflows — never expose the decrypted output to shared or third-party systems

Build this workflow visually in Infoveave Data Automation — drag, connect, and schedule with no infrastructure setup.

Infoveave — Workflow Builder

● SavedSchedule: Daily 06:00

How teams use Encrypt Column

Real scenarios where this transformation saves hours of manual work.

Retail

Anonymize Customer PII Before Loading into Shared Analytics Database

A retail company's marketing analytics pipeline processes customer records including Name, Email, and PhoneNumber columns before loading into a shared data warehouse accessible to multiple analytics teams. Encrypt Column is applied to Name, Email, and PhoneNumber using SHA-256 one-way hashing. The resulting hash values serve as anonymized customer identifiers for segmentation analysis — consistent hashing means the same customer always gets the same hash across pipeline runs, enabling cross-pipeline join without exposing actual names or contact information.

Manufacturing

Protect Employee Records Before Exporting to Third-Party Workforce Analytics Platform

A manufacturing HR team exports employee performance and attendance data to a third-party workforce analytics vendor. Regulations prohibit sharing personally identifiable employee data. Encrypt Column encrypts the EmployeeID, FullName, and NationalID columns using SHA-256. The vendor receives hashed identifiers that support their analysis without receiving any actual employee PII. A separate decryption-capable workflow retained internally allows the HR team to re-link results to actual employees.

Finance

Encrypt Account Numbers in Fraud Detection Pipeline for Secure Sharing

A bank's fraud detection pipeline joins transaction data across internal systems using AccountNumber as the join key. Before data is shared with a fraud analytics partner, AccountNumber must be encrypted. Encrypt Column applies two-way encryption with a secure password to AccountNumber, producing encrypted identifiers that the partner uses for analysis. The bank's internal Decrypt Columns step recovers the account number when the partner returns flagged transaction identifiers.

See Encrypt Column in action

Input data (left) is transformed using the configuration below. The output table (right) is ready for dashboards or downstream steps.

Encryption Type:One-way (SHA-256)

Columns:Name, Email

Input Data

CustomerID	Name	Email	AccountBalance
C001	Alice Johnson	[email protected]	5200.00
C002	Bob Smith	[email protected]	3100.50
C003	Carol Davis	[email protected]	8750.25
C004	Dave Wilson	[email protected]	1480.00
C005	Eve Thompson	[email protected]	6330.75

Output Data

CustomerID	Name	Email	AccountBalance
C001	6d0b0e84a7ab9f5a3e4ca17b2a3e9b0f1234567890abcdef1234567890abcdef	c0a4e7b2f9d3e1a5b8c6f0d2e4a9b7c3d5e8f1a2b4c6d8e0f2a4b6c8d0e2f4	5200.00
C002	7e1c1f95b8bc2g6b4f5db28c3b4f0c2g3456789012bcdefg2345678901bcdefg	d1b5f8c3g0e4f2b6c9d7g1e3f5b0c4d6e9g2b3c5d7e9f1b3c5d7e9f1b3c5d7	3100.50
C003	8f2d2g06c9cd3h7c5g6ec39d4c5g1d3h4567890123cdefgh3456789012cdefgh	e2c6g9d4h1f5g3c7d0e8h2f4g6c1d5e7f0h3c4d6e8f0c2d4e6f8c0d2e4f6c8	8750.25
C004	9g3e3h17d0de4i8d6h7fd40e5d6h2e4i5678901234defghi4567890123defghi	f3d7h0e5i2g6h4d8e1f9i3g5h7d2e6f8g1i4d5e7f9g1d3e5g7f9d1e3f5g7d9	1480.00
C005	0h4f4i28e1ef5j9e7i8ge51f6e7i3f5j6789012345efghij5678901234efghij	g4e8i1f6j3h7i5e9f2g0j4h6i8e3f7g9h2j5e6f8g0h2e4f6h8g0e2f4h6g8e0	6330.75

Configuration

Key fields to configure in the Infoveave workflow builder. Full reference available in the documentation.

Encryption Type

Choose between one-way and two-way encryption. One-way applies a cryptographic hash (SHA-256 or SHA-1) that cannot be reversed — the original value cannot be recovered from the hash. Use one-way for anonymization, pseudonymization, and compliance scenarios where original values will never need to be recovered. Two-way applies symmetric reversible encryption — the original value can be recovered using the Decrypt Columns step with the same password. Use two-way when downstream authorized processes need the original value.

Algorithm (one-way)

For one-way encryption, choose the hashing algorithm. SHA-256 produces a 64-character hexadecimal hash and is the recommended standard for data anonymization. SHA-1 produces a 40-character hexadecimal hash. SHA-256 is preferred for new implementations; SHA-1 is supported for compatibility with legacy systems that require 40-character hash identifiers.

Column Names

Select one or more columns whose values will be encrypted. All selected columns are encrypted using the same configured algorithm or password in a single step. To encrypt different columns with different algorithms or passwords, use separate Encrypt Column steps.

Password (two-way)

For two-way encryption, enter the symmetric encryption password. This password is required to decrypt the values using the Decrypt Columns transformation. Store the password securely — if the password is lost, the encrypted values cannot be recovered. Use a strong, unique password of at least 16 characters.

Frequently asked questions

Everything you need to know about Encrypt Column in Infoveave.

Also in Security — and what runs before & after

Transformations in the same family as Encrypt Column, often chained together in the same Infoveave workflow.

Security

Decrypt Columns

Generation

Generate ID

Filtering & Selection

Filter Rows

Part of Infoveave Data Automation

80+ transformations. Zero manual steps.

Encrypt Column is one of over 80 transformation activities available inside Infoveave workflows. Chain transformations together — no code, no exports, no waiting for IT.

View all transformations Book a Demo

Ready to see Infoveave in action?

Book a personalised demo with our data experts

Book a Demo

Infoveave® is a product of Noesys