Encryption at Rest in Martini

To facilitate encryption at rest, Martini offers two primary options for securing sensitive data:

  1. Encryption Function: This function can be incorporated into your services and workflows to encrypt data before it is stored in static data storage.

  2. Vault as a Service: This option integrates with HashiCorp Vault to manage encryption keys and secure data storage.

Both methods utilize AES 256-bit encryption to ensure that your data remains secure and protected from unauthorized access.

Encryption Function

Martini includes a convenient encryption function that allows you to encrypt sensitive data prior to its storage. This function can be used directly within your services and workflows.

To use the encryption function, you must specify a unique value for the encryption key in your override.properties file. Here’s an example of how to set the default encryption key:

# Default secret key used by AesCypherV2
password.encryption-key=YourUniqueKey

Note: Martini Server Runtime v2.3 and later will automatically create a unique value for the password.encryption-key in the override.properties file for each instance of Martini if one has not already been set. If you are load balancing multiple instances of Martini Server Runtime that will be reading and writing encrypted values, ensure that the same key is used across all instances.

Important: Keep your encryption key confidential and secure, as it is essential for both encrypting and decrypting your sensitive data.
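
The two notes above can be checked before a deployment. The following is an added example, not code from Martini or its documentation: it audits the override.properties files of several load-balanced instances for a missing, placeholder, or mismatched password.encryption-key and for loose file permissions, without ever printing a key. The node names, file names, sample keys, the simple key=value parsing, and the owner-only POSIX permission expectation are assumptions of this example.

```python
import os
import tempfile

KEY_NAME = "password.encryption-key"   # property name from the page
PLACEHOLDERS = {"YourUniqueKey", ""}   # the page's sample value, or an empty value

def read_key(path):
    """Return the last value of KEY_NAME in a simple key=value file, or None."""
    value = None
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            name, sep, rest = line.strip().partition("=")
            if sep and name.strip() == KEY_NAME:  # commented-out lines never match
                value = rest.strip()
    return value

def audit(paths):
    """Return findings as strings; key values are never included in the output."""
    findings, groups = [], {}
    for path in paths:
        key = read_key(path)
        if key is None:
            findings.append(f"{path}: {KEY_NAME} not set")
            continue
        if key in PLACEHOLDERS:
            findings.append(f"{path}: placeholder or empty key")
        if os.stat(path).st_mode & 0o077:  # any group/other permission bit set
            findings.append(f"{path}: readable by group or others")
        groups.setdefault(key, []).append(path)  # group instances by key, in memory only
    if len(groups) > 1:
        sets = " | ".join(", ".join(members) for members in groups.values())
        findings.append("key mismatch across instances: " + sets)
    return findings

def demo():
    """Constructed sample: three instance configs written to a temp directory."""
    samples = {"node-a": ("k-7f3a-constructed", 0o600), "node-b": ("k-7f3a-constructed", 0o644),
               "node-c": ("YourUniqueKey", 0o600)}
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for node, (key, mode) in samples.items():
            path = os.path.join(tmp, f"{node}-override.properties")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(f"# Default secret key used by AesCypherV2\n{KEY_NAME}={key}\n")
            os.chmod(path, mode)
            paths.append(path)
        return audit(paths)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On the constructed sample this reports the group-readable file on node-b, the placeholder key on node-c, and the mismatch between node-c and the other two instances.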

Vault as a Service

In addition to the built-in encryption function, Martini supports integration with HashiCorp Vault to provide a robust solution for managing encryption keys and protecting sensitive data. Vault acts as a centralized security management system, allowing you to handle encryption, secrets, and access controls efficiently.

For more details on how to configure Vault with Martini, please refer to the following resources: