
Martini Services Data Encryption & Masking

In Martini, securing sensitive data is of utmost importance. This section covers how to use Martini's encryption and masking features to protect data such as passwords, credit card numbers, and personally identifiable information. Martini leverages Vault for encryption services, ensuring data is encrypted, access-controlled, and auditable.

Security Considerations

When implementing data encryption and masking in Martini, consider the following:

  • Access Control: Restrict access to encrypted data based on user roles and responsibilities.
  • Data Masking: Mask sensitive data, ensuring that it's not exposed in logs, UIs, or to unauthorized users.
  • Audit Trails: Maintain audit logs for all access and modification to encrypted data to ensure traceability.
  • Encryption Key Management: Manage encryption keys securely, using Vault for key storage, rotation, and access control.

Encryption Operations

Martini supports various operations through Vault for handling sensitive data:

  • Read/Write: Store and retrieve data securely in Vault.
  • Delete/Undelete: Manage the lifecycle of stored data, including secure deletion and recovery.
  • Encrypt/Decrypt: Encrypt strings or byte arrays for secure storage and decrypt them for use.
  • Sign/Verify: Digitally sign data and verify signatures to ensure data integrity.

Password Encryption

For password encryption, Martini uses AES-GCM by default. Ensure that the vault.transit.mount_path and vault.transit.encryption_key properties are correctly set. Changing the encryption provider or encryption key may require password re-encryption for security.

Sample Usage

Integrate encryption and masking in your Martini applications by configuring Vault and using the Martini API for secure data operations. For connecting to Vault using AWS IAM, set up both AWS and Vault according to the required guidelines and verify the connection using Vault's CLI or API before integration.

Remember, securing sensitive data not only protects your business but also ensures compliance with data protection regulations.