April 04, 2023
4 min read

Product Update April ‘23

The Evervault Team

Use Case: Secure API Credentials and Secrets

Our fastest-growing use case is securely storing Credentials. We offer an easy and secure way to encrypt (and use) third-party API credentials. You can keep your users' most sensitive data safe and build better, more integrated products with ease.

With Evervault's Inbound Relay and client-side SDKs, you collect third-party API credentials from your users and encrypt them before they touch your infrastructure. Then, using Outbound Relay, you can easily use encrypted authentication tokens with any HTTP API. Try it yourself by following along using our step-by-step Guides.

Encryptions in E3 are now 4x faster

As part of a broader effort to improve the tail latency of requests to E3, we have migrated the default elliptic curve to be used throughout the system to SECP256R1 from SECP256K1 (aka the Bitcoin curve). This migration has increased the throughput of individual encrypt operations 4x.

Cages are now OS (+ Metrics!)

The source code for our Cages product is now publicly available. With this, developers can view the code that is deployed alongside their process in an enclave. This is crucial for one of Cages' main features, cryptographic attestation. Developers can now attest that the official cages runtime and their own process are running untampered, within the enclave.

You can view the source code for the Cages runtime and the associated CLI on GitHub.

This month we also shipped Cage Metrics. You can now view your Cage's CPU and Memory utilization in the Dashboard, along with encrypt/decrypt metrics. If you have an existing Cage, you can redeploy it to pull in the latest runtime to start using this feature.

Relay Header Encryption

We've added support for HTTP header encryption in Inbound and Outbound Relay. You can now specify which HTTP headers to encrypt when traffic is proxied through either proxy. This option can be configured in the Evervault dashboard.

Inbound Relay IP Preservation

Inbound Relay now supports client IP preservation. The Client IP will be appended to the X-Forwarded-For header when the request is received in the target server. To enable it on an inbound relay with a custom domain, you will have to change your DNS record. More here.

Inputs Improvements

Inputs now support additional style properties, allowing users to style-match their Evervault-hosted forms to the rest of their product. Additionally, the config now supports a dynamic height: auto property which resizes the Inputs form based on its content by messaging between the iframe and its parent.

Introducing Evervault Guides

Last month we launched Evervault Guides, a new section of our docs that focuses on how to build common use cases with Evervault in various tech stacks. Each guide provides a link to a Replit with runnable code and a repo that can be configured to follow along. A few highlights include:

If there’s a guide that you’d like to see, let us know in Discord, or if you’ve built an example that you’d like turned into a guide, submit a pull request to our examples repo on GitHub.