End-to-End Encryption
- Every user is issued a fresh RSA key pair, which can only be decrypted with their account password. The password is, of course, kept hashed in the database.
- Every organisation is issued a unique AES 256-bit symmetric key, which is used to encrypt its secrets.
- Secrets are kept encrypted both at rest and in transit.
Read a detailed description of our implementation of end-to-end encryption in the data model.
Zero-Knowledge Architecture
- No one can see/decrypt your secrets. Not even us.
- All cryptographic operations, i.e. encrypting and decrypting secrets, happen only on the client side, never on the server side.
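
The key hierarchy described in the two sections above (password, then RSA private key, then organisation AES key, then secret), as an added Node.js example that is not the product's own code. The function names, the password-encrypted PKCS#8 storage format, RSA-OAEP wrapping of the organisation key and the AES-GCM mode are all assumptions made for illustration; the page does not specify them.

```javascript
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client side: RSA key pair; the private half leaves the client only as a
// password-encrypted PKCS#8 blob (assumed storage format).
function createUserKeys(password) {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password },
  });
}

// Client side: AES-256-GCM under the organisation key (mode is an assumption).
function encryptSecret(orgKey, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', orgKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Builds everything the server would store; none of it is usable without the password.
function enrol(password, secretText) {
  const user = createUserKeys(password);
  const orgKey = crypto.randomBytes(32); // organisation's AES-256 key
  return {
    publicKey: user.publicKey,
    encryptedPrivateKey: user.privateKey,
    wrappedOrgKey: crypto.publicEncrypt({ key: user.publicKey, ...OAEP }, orgKey),
    secret: encryptSecret(orgKey, secretText),
  };
}

// Client side: password -> private key -> organisation key -> secret.
function readSecret(record, password) {
  const orgKey = crypto.privateDecrypt(
    { key: record.encryptedPrivateKey, passphrase: password, ...OAEP }, record.wrappedOrgKey);
  const { iv, ct, tag } = record.secret;
  const decipher = crypto.createDecipheriv('aes-256-gcm', orgKey, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Constructed sample values, for illustration only.
const record = enrol('constructed-password', 'API_TOKEN=example-value');
console.log(readSecret(record, 'constructed-password'));
```

The `record` object stands in for the server-side row: a public key, an encrypted private key, a wrapped organisation key and ciphertext, with no plaintext key material in it.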