Genesys Cloud - Developer Community!

 View Only

Sign Up

  • 1.  How use KMS Encrypt in Architect Flows

    Posted 10-07-2025 12:55

    Hello everyone, we are currently integrating with a service that asks to send only some encrypted parameters and we are doing it with the Genesys Cloud symmetric KMS service. We are encrypting the parameters from architect using the flow's own action that asks to be configured in JSOON format, but when sending the information to the external service which is a lambda in AWS it fails to decrypt the data. Has anyone gone through the same issue?


    #Architect
    #DataActions
    #Integrations
    #PlatformAPI

    ------------------------------
    Andres Lopez
    Desarrollador Genesys Senior
    ------------------------------


  • 2.  RE: How use KMS Encrypt in Architect Flows

    Posted 10-07-2025 17:28
    Edited by Luiz Rosa 10-07-2025 17:37

    Hello Andres,

    From what I understand, the Encrypt Data and Decrypt Data actions in Architect use the AWS Encryption SDK with an AWS KMS key configured in Genesys Cloud. If the same KMS key and permissions are available in AWS, a Lambda function can decrypt the data; otherwise, decryption will fail.

    ------------------------------
    Luiz Rosa
    Full stack developer
    ------------------------------

    Original Message


  • 3.  RE: How use KMS Encrypt in Architect Flows

    Posted 10-07-2025 17:38

    Hi Andres, are you actually using the AWS conversation/data action encryption KMS and have configured that in Genesys Cloud?  Encryption and decryption within Architect is fairly straight forward and you can test in a flow encrypting and decrypting your data.  

    Your Lambda on the other side that receives the encrypted JSON payload then uses the KMS SDK to decrypt it - assuming your Lambda can access and use that key and you've got it in the right region.  

    What logging do you have for the Lambda when it tries to do this?



    ------------------------------
    Vaun McCarthy
    ------------------------------

    Original Message


  • 4.  RE: How use KMS Encrypt in Architect Flows

    Posted 10-08-2025 22:22

    Hi Vaun, the lambda is returning the following error:

    {
      "errorMessage": "An error occurred (InvalidCiphertextException) when calling the Decrypt operation: ",
      "errorType": "InvalidCiphertextException",
      "requestId": "0e79bce7-c850-48d0-8cf6-3d7e74b63e62",
      "stackTrace": [
        "  File \"/var/task/lambda_function.py\", line 17, in lambda_handler\n    response = kms.decrypt(\n",
        "  File \"/var/lang/lib/python3.12/site-packages/botocore/client.py\", line 602, in _api_call\n    return self._make_api_call(operation_name, kwargs)\n",
        "  File \"/var/lang/lib/python3.12/site-packages/botocore/context.py\", line 123, in wrapper\n    return func(*args, **kwargs)\n",
        "  File \"/var/lang/lib/python3.12/site-packages/botocore/client.py\", line 1078, in _make_api_call\n    raise error_class(parsed_response, operation_name)\n"
      ]
    }
    I appreciate your help
    Regards.
    Andrés


    ------------------------------
    Andres Lopez
    Desarrollador Genesys Senior
    ------------------------------

    Original Message


Related Content