Encryption
  • 17 Jan 2022


Edges are always encrypted. Messages that are sent to the Edge or received from the Edge are sent using HTTPS with a Signature Version 4 header. Messages that the Edge stores for delivery are encrypted at rest.

By default, your Edges are encrypted using your Tenant's default Kms Key. The Tenant's default Kms Key is created automatically for your Tenant, is exclusive to your Tenant, and is used for encrypting many things in your Tenant, including Edges that you create without explicitly specifying a Kms Key.

For most use cases, allowing your Edges to be encrypted using the default Kms Key is fully sufficient. However, you may have a use case where this does not meet your security or trust requirements.

For example, you may be sending messages to a completely untrusted vendor via an External App / External Node, and giving that vendor access to use your Tenant's default Kms Key is undesirable. In this case, you may create another Kms Key in your Tenant and assign that Kms Key to the Edges that source or target the vendor's External Nodes. This explicitly limits the vendor to accessing only information that is sent specifically to it, and cryptographically isolates the messages transmitted on those Edges to the Nodes that use those Edges.

