Features

The Encryption Proxy is a modular system that enables transparent encryption and decryption across application and database layers. Below is a list of supported and upcoming components:

Name	Type	Status
HTTP API	Encryption Services	✅ Ready
PostgreSQL	Database Proxy	✅ Ready
MySQL	Database Proxy	🚧 Next Release
MongoDB	Database Proxy	🚧 Next Release

Component Details

• HTTP API (Encryption Services) A stateless REST API that provides encryption and decryption endpoints. It supports envelope encryption, key rotation, and integration with external Key Management Systems (KMS).

• PostgreSQL Database Proxy Acts as a transparent proxy layer for PostgreSQL, intercepting SQL queries and responses to perform field-level encryption/decryption without modifying client applications.

• MySQL Database Proxy (Planned) Upcoming support for MySQL with similar capabilities as the PostgreSQL proxy, including real-time encryption and query rewriting.

• MongoDB Database Proxy (Planned) Proxy support for MongoDB to handle BSON-level encryption and support schema-aware field-level encryption.

Key Features

• Database Compatibility

  • Currently supports PostgreSQL with plans to expand to other databases like MySQL, MongoDB, and more.

  • Provides a unified security layer for diverse database environments.

• Flexible Configuration

  • Easily configurable through YAML files, allowing customization for various use cases.

• AES-GCM Encryption with Authentication

  • Utilizes AES-GCM (Authenticated Encryption with Associated Data - AEAD) for encrypting data at rest.

  • Provides both encryption and authentication, ensuring data integrity and confidentiality.

• Column-Level Encryption

  • Encrypts sensitive data at the column level with minimal affecting database structure.

  • Ensures minimal application performance impact.

• Key Management Integration

  • Currently supports ENV based and Google Cloud KMS with plans to expand to AWS KMS and in-house key management services.

  • Ensures vendor-agnostic key storage and management.

  • Supports key rotation, allowing periodic changes to encryption keys without disrupting database operations.

• Zero Trust Security Model

  • Enforces least privilege access by ensuring encryption keys and data access are restricted based on identity and role-based controls.

  • Continuous verification of encryption processes to prevent breaches and ensure real-time compliance monitoring.

• Audit Logs & Monitoring

  • Records all encryption and decryption activities for traceability and compliance.

  • Provides detailed audit logs that help organizations track data access and modifications.

  • Ensures transparency and accountability by maintaining immutable logs of cryptographic operations.

• Compliance & Security

  • Meets industry standards for encryption and data protection.

  • Helps organizations comply with data privacy regulations.

• Performance Optimization

  • Designed to handle high-performance workloads.