Changelog

Configure Relay from Traffic

Evervault automatically encrypts sensitive data at the field-level. Developers specify the routes and fields they want to encrypt, then requests are encrypted before ever entering your app. Straightforward, right?

Well, we've just shipped a feature that makes this process even more intuitive. Developers can now configure encrypted fields directly from existing Relay traffic.

When you choose a request from the last 24 hours, we'll build an interactive map of the JSON payload, allowing you to quickly select any fields you'd like to encrypt.

You can access the feature Relay → Encrypted Fields → Configure using Relay's Traffic.

The feature also supports JSONPath and Wildcards for URL Parameters!

Relay Response Encryption

Fancy name, what’s that?

Well…

When a request is sent through an Evervault Relay, some fields are encrypted — as defined by you in the Evervault Dashboard. This payload (which is a mixture of plaintext and ciphertext) is sent to the Relay’s pre-configured destination — your API — which you also define in the Dashboard.

The response from the target may, in some cases, contain encrypted data.

To ensure client-side applications (e.g. web browsers, phones, etc) do not render encrypted data to your users, Relay will decrypt any Evervault encrypted strings before they are shown in your UI.

Of course, some data is so sensitive that it must also be masked from clients. Common use cases of this include payment credentials, banking information, and application secrets.

To support this, Relay can now be configured in a new mode.

When a request is sent through Relay, any fields configured to be encrypted will now be encrypted on the response from Relay’s target — not the request to it.

This mode can be used to retrieve sensitive data from your own or third party APIs, masked as encrypted data and shown to your users!

New Onboarding Experience

Over the last number of weeks, we've been rolling out a new onboarding experience for first-time Evervault users. The feature is a contextual tutorial that allows users to send JSON data through a configurable Sandbox Relay and watch as it gets encrypted in realtime. Why? Better onboarding which decreases time-to-first-encryption will improve user proficiency and retention.

Sandbox Relays which are created during onboarding can be accessed via your Dashboard — just in case you ever need to reacquaint yourself with Relay or test a new encrypted payload structure.

To access the new onboarding experience, just create a new account with Evervault.

New region, new guides, and CI pipeline deployment

This week we are introducing new guides (and improving the old ones) in our Dashboard, so it’s easier to get started with Relay and Cages. Some of the new guides include:

• How Relay works
• Running Relay with your local server
• Using outbound interception with our SDKs
• How to run and deploy your Cage

On the product side, the changes made include:

• The ability to deploy Cages using your CI pipeline
• The ability run Relay with your local server
• E3, Relay, and Cages being deployed in Western Europe
• Improved reliability of team creations and deletions in our Dashboard

In addition, we have reduced the bundle size of our dashboard from 2.63 MB to 1.95 MB (25% smaller), so it should be a lot faster to load! We will continue to improve this further.

As always, lots of small bugs were fixed and performance improvements across the board.

Relay and Cages 1.0

Relay and Cages are live. Both are built on the Evervault Encryption Engine (E3).

E3 is a what all Evervault products and services will be built on, and is where all cryptographic operations will happen. E3 is built on AWS Nitro Enclaves — fully isolated, hardened, and highly constrained virtual machines that have no persistent storage, no interactive access, and no external networking.

Relay makes it easy for developers to automatically encrypt sensitive data at the field-level before it enters their app, and decrypt it as it leaves.

Cages are isolated serverless functions hosted on Evervault for processing the data encrypted with Relay.