Field Manifest
Configure additional signing fields alongside the primary signature, including initials, date fields, checkboxes, and freeform text, using the VaultESign Field Manifest. All field data is stored in your Azure subscription.
The Field Manifest defines additional fields that appear in the signing portal alongside the primary signature. It is derived automatically from the PDF template's signature block definitions and is embedded in the signing session at creation time. All field values are stored in your Azure subscription with immutable audit records.
Template-Driven
The field manifest is extracted from the rendered PDF template. Fields declared in the template's signature_block nodes are automatically surfaced in the portal for each signer slot. No additional configuration required.
Field Types
| Type | Description | Storage Format | Use Cases |
|---|---|---|---|
sign | The primary drawn or typed signature. Always required per slot. | Base64-encoded PNG | Contract execution, consent forms, approvals |
initials | A secondary initials field. Stored as base64-encoded PNG. | Base64-encoded PNG | Acknowledgment of specific clauses, page initialing |
date | A date confirmation field. Pre-filled with today's date; signer can adjust. | ISO 8601 (YYYY-MM-DD) | Execution date, effective date, review date |
text | A freeform text field. Supports optional length (max characters, default 100). | UTF-8 plaintext | Title, position, custom acknowledgments |
check | A checkbox (boolean). Used for consent acknowledgements or terms. | Boolean (true/false) | Consent acceptance, terms agreement, attestation |
These are not AcroForm fields
signature_block, input, and attachment nodes in a VaultPDF template are layout elements, not PDF AcroForm fields. A signature_block tells VaultPDF where to inject the seal image after signing — the seal is placed by the render engine, exactly as DocuSign and other e-signature platforms handle it. input and attachment blocks are visual placeholders rendered into the PDF layout. None of these elements are interactive in Acrobat or any PDF viewer. They are part of the VaultESign flow only and are not clickable form fields.
Manifest Structure
{
"version": "1.0",
"signingMode": "sequential",
"slots": [
{
"slotIndex": 0,
"role": "vendor",
"completionCondition": "required",
"ttlMinutes": 4320,
"otp": {
"channel": "email",
"required": true
},
"consent": {
"reviewText": "I confirm I have read and understood this document.",
"bindingText": "I acknowledge this electronic signature is legally binding."
},
"fields": [
{
"fieldId": "vendor-sig",
"fieldType": "sign",
"role": "vendor",
"anchor": "sig-vendor-main",
"label": "Vendor Signature",
"required": true
},
{
"fieldId": "vendor-initials",
"fieldType": "initials",
"role": "vendor",
"anchor": "sig-vendor-initials",
"label": "Initials",
"required": false
},
{
"fieldId": "vendor-date",
"fieldType": "date",
"role": "vendor",
"anchor": "sig-vendor-date",
"label": "Date Signed",
"required": true
},
{
"fieldId": "vendor-title",
"fieldType": "text",
"role": "vendor",
"anchor": "sig-vendor-title",
"label": "Title / Position",
"required": false,
"length": 100
}
]
}
]
}Slot Properties
| Property | Type | Description | Example |
|---|---|---|---|
slotIndex | number | Zero-based slot index. Matches the slotIndex in the session request. | 0, 1, 2 |
role | string | Matches the signature block role in the PDF template. Determines field positioning and visibility. | vendor, manager, witness |
completionCondition | required | optional | Whether this slot must be signed for the session to complete. Optional slots may be skipped. | required (default), optional |
ttlMinutes | number | Per-slot time-to-live in minutes. Slot expires if not signed within this window. Defaults to 4320 minutes (3 days). | 4320, 1440, 525600 |
otp.channel | email | sms | signer-choice | OTP delivery channel for identity verification. signer-choice lets the signer pick their preferred method. | email, sms, signer-choice |
otp.required | boolean | Whether OTP verification is required before the signer can access the document. Enhances security. | true, false |
otp.phoneNumber | string | Required when channel is sms. Phone number for OTP delivery. | +1-206-555-0100 |
consent.reviewText | string | Custom wording for the document-reviewed consent checkbox. Uses platform default if absent. | "I confirm I have read this document" |
consent.bindingText | string | Custom wording for the legally-binding acknowledgement. Uses platform default if absent. | "I acknowledge this signature is legally binding" |
Field Properties
| Property | Type | Required | Description |
|---|---|---|---|
fieldId | string | Yes | Unique identifier within the slot. Used in the stored fieldsJson record and for audit tracing. No spaces or special characters. |
fieldType | sign | initials | check | date | text | Yes | Type of field to render in the portal. Determines storage format and validation. |
role | string | Yes | Must match the parent slot role. Ensures field visibility and signing authority. |
anchor | string | Yes | Template node ID / selector used to position the field in the document. References a node in the PDF template. |
label | string | No | Display label shown above the field in the portal. Improves UX. If omitted, field appears without label. |
required | boolean | Yes | Whether the signer must complete this field before submitting. The primary sign field is always required. |
length | number | No | Maximum character length for text fields. Defaults to 100. Validation occurs in portal. |
Stored Field Values
After signing, all field values are stored in ESignSlotEntity.fieldsJson as a key-value record in your Azure Table Storage:
{
"vendor-sig": "<base64-png>",
"vendor-initials": "<base64-png>",
"vendor-date": "2026-05-29",
"vendor-title": "Director of Operations",
"vendor-terms": true
}Storage Details:
- Primary signature PNG: Also stored directly in
ESignSlotEntity.signaturePngBase64for evidence certificate generation - Initials PNG: Stored as base64-encoded PNG (same as signature)
- Date fields: Stored in ISO 8601 format (YYYY-MM-DD)
- Text fields: Stored as UTF-8 plaintext (up to
lengthlimit) - Checkbox fields: Stored as boolean (true/false)
- Audit trail: All field values linked to evidence certificate via
correlationIdandgroupId - Encryption: All values at rest in Table Storage are encrypted with AES-256-GCM
- Data residency: All field data remains in your Azure subscription, in your chosen region
Field Value Examples
Signature Field (sign)
{
"fieldId": "vendor-sig",
"fieldType": "sign",
"label": "Vendor Signature"
}Stored as:
{
"vendor-sig": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=="
}(Base64-encoded PNG, captured in portal, sealed in evidence certificate)
Initials Field (initials)
{
"fieldId": "vendor-initials",
"fieldType": "initials",
"label": "Initials",
"required": false
}Stored as:
{
"vendor-initials": "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=="
}Date Field (date)
{
"fieldId": "vendor-date",
"fieldType": "date",
"label": "Date Signed",
"required": true
}Stored as:
{
"vendor-date": "2026-05-29"
}(ISO 8601 format, captured from signer's selection in portal)
Text Field (text)
{
"fieldId": "vendor-title",
"fieldType": "text",
"label": "Title / Position",
"required": false,
"length": 100
}Stored as:
{
"vendor-title": "Director of Operations"
}(UTF-8 plaintext, up to 100 characters)
Checkbox Field (check)
{
"fieldId": "vendor-terms",
"fieldType": "check",
"label": "I agree to the terms and conditions",
"required": true
}Stored as:
{
"vendor-terms": true
}(Boolean: true if checked, false if unchecked)
Compliance & Storage Security
Data Security
All field values are protected in transit and at rest:
In Transit:
- HTTPS/TLS 1.3 (AES-256) from portal to your Processor
- Encrypted payload in signing submission
At Rest:
- Stored in your Azure Table Storage (your subscription, your region)
- AES-256-GCM encryption applied
- Immutable audit records linked to evidence certificate
- Never transmitted outside your subscription
Audit & Evidence
Field values are incorporated into the evidence certificate:
- All field IDs and values: Captured in
fieldsJsonwithin evidence - Timestamps: Field value submission time recorded per field
- Signer identity: Linked via evidence certificate
- Document hash: Proves document was not modified post-signing
- Consent text: Frozen at signing time, immutable proof of consent
HIPAA & GDPR Compliance
HIPAA (ePHI Protection):
- All field values remain in your Azure subscription
- No field data transmitted to Vault Shared Services
- Encrypted at rest, audit trail in your control
- Compliant without additional BAA
GDPR (Personal Data Protection):
- If text fields contain personal data (e.g., signer name, title), stored in your region
- Field values never processed by Vault Shared Services
- Complete data residency guaranteed
- Signer can request export/deletion from your records
Back to VaultESign Overview
Review signing modes, session states, evidence certificates, and data residency guarantees.
VaultESign
VaultESign provides native electronic signing for documents rendered by VaultPDF. Your documents stay in your Azure subscription. Signers access a signing portal to verify identity, review documents, and apply legally-binding electronic signatures. All signing evidence and audit records are stored entirely within your tenant.
VaultDelivery
VaultDelivery provides secure document dispatch and delivery for VaultPDF-generated documents. Send documents to external recipients via time-limited access links or write directly to SharePoint, with full access auditing and proof of delivery.