Data Encryption
Encryption at rest and in transit for Gauzy deployments.
In Transit (TLS)
HTTPS Configuration
All production deployments must use TLS:
```nginx
server {
    listen 443 ssl http2;
    ssl_certificate /etc/ssl/certs/gauzy.crt;
    ssl_certificate_key /etc/ssl/private/gauzy.key;
    # TLS 1.0/1.1 are disabled; only 1.2 and 1.3 are negotiated
    ssl_protocols TLSv1.2 TLSv1.3;
    # HIGH excludes export/low-strength suites; !aNULL drops unauthenticated suites, !MD5 drops MD5-based ones.
    # This string only governs TLS 1.2 suites; OpenSSL selects TLS 1.3 suites separately.
    ssl_ciphers HIGH:!aNULL:!MD5;
}
```
Internal Communication
- API → Database: use `sslmode=require`
- API → Redis: use `rediss://` (TLS)
- API → S3: HTTPS endpoints
At Rest
Database Encryption
PostgreSQL Transparent Data Encryption:
```sql
-- SHOW ssl reports whether the server accepts TLS connections (the "ssl" setting),
-- i.e. encryption of client connections; it does not report how data files are stored on disk.
SHOW ssl;
-- Result: on
```
Column-Level Encryption
For sensitive data fields:
```typescript
// The transformer encrypts the value on write and decrypts it on read,
// so the database only ever stores ciphertext for this column.
@MultiORMColumn({
    transformer: new EncryptionTransformer({
        key: process.env.ENCRYPTION_KEY, // 256-bit key supplied via the environment
        algorithm: 'aes-256-gcm',        // authenticated encryption: tampering is detected on read
    }),
})
ssnNumber: string;
```
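To make concrete what a transformer configured with `aes-256-gcm` has to do, here is an added example of a TypeORM-style value transformer (`to()` on write, `from()` on read). It is not Gauzy's `EncryptionTransformer`; the class `AesGcmTransformer`, the constructed `DEMO_KEY_HEX` and the helper `tamperIsDetected` are names assumed for this example. It uses a fresh 12-byte IV per value, stores the GCM authentication tag next to the ciphertext, and rejects keys that are not 32 bytes.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';

const ALGORITHM = 'aes-256-gcm';
const IV_LENGTH = 12;  // 96-bit nonce, the size GCM is specified for
const KEY_LENGTH = 32; // 256-bit key

// TypeORM-style value transformer: to() runs on write, from() on read.
export class AesGcmTransformer {
  private readonly key: Buffer;

  // keyHex: 64 hex characters, e.g. the value of ENCRYPTION_KEY
  constructor(keyHex: string) {
    this.key = Buffer.from(keyHex, 'hex');
    if (this.key.length !== KEY_LENGTH) {
      throw new Error(`aes-256-gcm needs a ${KEY_LENGTH}-byte key (${KEY_LENGTH * 2} hex chars)`);
    }
  }

  // Stored form: base64(iv).base64(tag).base64(ciphertext); base64 never contains '.'
  to(value: string | null | undefined): string | null {
    if (value === null || value === undefined) return null; // nullable columns stay null
    const iv = randomBytes(IV_LENGTH);                      // fresh IV per value; never reuse with GCM
    const cipher = createCipheriv(ALGORITHM, this.key, iv);
    const ciphertext = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
    return [iv, cipher.getAuthTag(), ciphertext].map((b) => b.toString('base64')).join('.');
  }

  // Throws if the stored value was modified: the GCM tag check fails in final().
  from(stored: string | null | undefined): string | null {
    if (stored === null || stored === undefined) return null;
    const parts = stored.split('.');
    if (parts.length !== 3) throw new Error('malformed encrypted value');
    const [iv, tag, ciphertext] = parts.map((p) => Buffer.from(p, 'base64')) as [Buffer, Buffer, Buffer];
    const decipher = createDecipheriv(ALGORITHM, this.key, iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
  }
}

// Constructed demo key; a deployment reads ENCRYPTION_KEY from the environment (Vault/KMS-backed).
export const DEMO_KEY_HEX = '00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff';
export const demoTransformer = new AesGcmTransformer(DEMO_KEY_HEX);

// Flip one ciphertext byte and confirm the read side rejects it.
export function tamperIsDetected(): boolean {
  const [iv, tag, ct] = (demoTransformer.to('123-45-6789') as string).split('.') as [string, string, string];
  const bytes = Buffer.from(ct, 'base64');
  bytes.writeUInt8(bytes.readUInt8(0) ^ 0x01, 0);
  try { demoTransformer.from([iv, tag, bytes.toString('base64')].join('.')); return false; }
  catch { return true; }
}
```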
File Storage Encryption
```bash
# AWS S3 server-side encryption
AWS_S3_ENCRYPTION=AES256
```
Key Management
| Key | Storage | Rotation |
|---|---|---|
| JWT Secret | Environment variable | Quarterly |
| DB Encryption Key | Vault/KMS | Annually |
| S3 Encryption Key | AWS KMS | Auto |
| TLS Certificate | File/Cert Manager | 90 days |
Related Pages
- SSL Certificate Management → SSL
- Security Headers → headers
- Compliance → GDPR