Use Cases

Announcing Relay and Cages

August 18, 2021 byShane Curran

In How we built the Evervault Encryption Engine (E3), we shared some of what we’ve been building at Evervault. In this short post, we’re excited to share our first two services that are built on E3: Relay and Cages.

E3, Relay, and Cages

As a brief reminder: E3 is what all Evervault products and services will be built on, and is where all cryptographic operations will happen. E3 is built on AWS Nitro Enclaves — fully isolated, hardened, and highly constrained virtual machines that have no persistent storage, no interactive access, and no external networking.

Relay automatically encrypts sensitive data at the field-level before it enters your app, and decrypts it as it leaves. Integrate in 5 minutes by including our SDK and changing a DNS record.

Cages are isolated serverless functions hosted on Evervault for processing the data you encrypt with Relay or our SDKs. You can deploy and run any Node.js code as a Cage.

You can get started with Relay and Cages now.

Encrypt sensitive data with Relay

Relay makes it easy for you to automatically encrypt sensitive data at the field-level before it enters your app, and decrypt it as it leaves.

How does Relay work?

  1. Collect user data

    A user inputs sensitive data in your UI and sends a request to your server — as normal. Through the DNS change, inbound requests are routed through Relay. Inbound requests are intercepted and encrypted by Relay before being sent to your server.

  2. Use encrypted data

    You can send encrypted data to third-party APIs just like you would with ordinary, plaintext data. Your server sends a request to a third-party API and a response to your client. By including our SDK, Relay will automatically intercept and decrypt data before being sent to the third-party API. ​​Responses are also intercepted and decrypted by Relay before being returned to your UI.

    You can process encrypted data yourself using code you deploy to Cages.

  3. Render user data

    The decrypted response from your server is rendered in plaintext on your UI. Relay scans the response from your server for Evervault-encrypted data and automatically decrypts it before it reaches your users.

Evervault Dashboard → Create Relay

How do you integrate Relay? You can integrate Relay in 5 minutes by including our SDK, changing a DNS record, and adding the fields of data that Relay should encrypt. You can create your first Relay now.

Process encrypted data with Cages

Cages are isolated serverless functions hosted on Evervault for processing the data encrypted with Relay or our SDK. You never handle the data in plaintext.

How do Cages work? Cages provide API endpoints that can be triggered through our SDK or over HTTPS. Encrypted data is decrypted by the Cage runtime as it's passed to your code. Evervault takes care of automatic scaling. Cage runs are logged in real time. When you push to GitHub, your Cage code is automatically updated. With Cage versioning, you can easily roll-back to previous versions.

Evervault Dashboard → Create Cage

How do you integrate Cages? Deploy Node.js code in a Cage using our GitHub integration or CLI. You can create your first Cage now.


Because our mission is to encrypt the web, we only charge developers and companies when they get value from their data — not when they encrypt it. We think this aligns us better with you and your users.

As a result, Relay and Cages share the same usage-based pricing: you’re only charged for each Relay Decrypt and Cage Run.

Contact our sales team for volume discounts.

If you’re a developer who wants to secure your app, you can integrate Relay and Cages now.