Skip to main content



Coupa Success Portal

Coupa Encrypted Fields


Protecting customer data and preventing system attacks is a top priority for Coupa. Coupa only uses encrypted connections to protect data contents in transition, while also encrypting sensitive files prior to storing them. Coupa adheres to the following fundamentals of encryption and key management:

  • The use of well known and publicly vetted cryptography. The use of homegrown cryptographic algorithms are not permitted.
  • Proper key management and protection are critical to ensure encryption provides the desired protection.

Encrypted Fields

Database Column Encryption

Coupa utilizes AES-256-GCM for database column encryption. All keys are unique to each customer instance. The following fields are encrypted in the Coupa application:

Model Attribute Name Key Type Mode
Attachment text unique HIPAA
Comment comments unique HIPAA
Transactional Models custom_field_# unique HIPAA
EasyFormWidget answer shared Standard
EndpointInstance password unique Standard
EndpointInstance ssh_key unique  Standard
ExpenseAccountNumberLookup account unique Standard
ExpenseLine description unique HIPAA
Identity access_token unique Standard
IntegrationWarning value unique Standard
InvoiceCharge description unique HIPAA
InvoiceLine description unique HIPAA
OnlineStore password unique Standard
OIDC Client secret unique Standard
Pcard number unique  Standard
PGP Key key_data unique Standard
RevisionRecord data unique HIPAA
RevisionSnapshoCache data unique HIPAA
SupplerInformation federatl_tax_num unique Standard
SupplerInformation cxml_http_password unique Standard
SupplerInformation cxml_secret unique Standard
SupplerInformationAddress bank_routing_number unique Standard
SupplerInformationAddress international_bank_account_number unique Standard
SupplerInformationAddress iban_number unique Standard
SupplerInformationAddress swift_code unique Standard
SupplerInformationAddress sort_code unique Standard
SupplerInformationAddress bsb_number unique Standard
SupplerInformationAddress bic unique Standard
SupplerInformationAddress bic_routing_code unique Standard
SupplerInformationAddress bank_account_number unique Standard
Supplier cxml_http_password unique Standard
Supplier cxml_secret unique Standard
SupplierSite cxml_http_password unique Standard
SupplierSite cxml_secret unique Standard
SupplierRemitTo bank_account_number unique Standard
SupplierRemitTo bank_routing_number unique Standard
SupplierRemitTo iban_number unique Standard
SupplierRemitTo swift_code unique Standard
SupplierRemitTo sort_code unique Standard
User yodlee_auth_token unique Standard

Attachment Encryption

Attachment encryption for data at rest utilizes AES-256-GCM.

  • Was this article helpful?