Changelog

We know that latency is a core consideration when implementing Evervault Relay, so we’re delighted to be releasing our new latency reporting functionality today.

For every request your users send through Relay, we measure and record the latency between Evervault’s infrastructure and your infrastructure. The charting functionality in the Dashboard allows you to analyze latency at various percentiles, making it easier for you to make latency commitments to your own users.

Application performance is a major priority for us in every engineering decision that we make, so we’re excited about this first step in holding ourselves accountable for improving your infrastructure’s performance.

We are happy to announce charting for Relay requests. The goal is to help make traffic data more digestible, so it’s easier to monitor trends over time, see spikes in traffic, and identify any possible bottlenecks.

With the new charting capabilities, users are also able to filter by HTTP code (e.g. 2XX, 3XX, 4XX, 5XX) or any search term — because when you filter for logs the chart is also updated to reflect your search.

This is the first of a series of improvements we are making to help users better understand traffic behaviour, and get better insights from their data. Stay tuned!

This month, we overhauled the Evervault documentation. We rewrote and reprioritised content, improved navigation and discoverability and reworked the landing page. Overall, it’s a big plus for developer experience. Within the coming months, we’ll also be adding technology-specific user guides to cater to the growing number of Evervault use cases; so keep an eye out for your stack.

Check out the new and improved Evervault documentation at docs.evervault.com.

Evervault Relay accepts connections from your users, encrypts sensitive data fields and then connects to your API and transmits the encrypted data over TLS. Occasionally, errors can occur between your user and Relay or between Relay and your API. These errors can often be difficult to debug without verbose request logs.

We just released new functionality that surfaces underlying system errors to developers, so you can quickly identify issues in your system. The errors displayed are bubbled up directly from our underlying HTTPS implementation and include details on things like TLS handshake errors, socket hangups and network timeouts.

You can access the feature by navigating to Relay → Activity Logs in the Evervault Dashboard.

Coming soon: get notified about unusual events and error spikes by e-mail, SMS, PagerDuty or Slack.

Evervault Relay communicates directly with your API over Transport Layer Security (TLS). Your API may be configured to require client-side TLS authentication. This is known as Mutual TLS (or mTLS).

We just released a new feature that allows you to upload an mTLS certificate to authenticate the connection between Relay and your API.

We also allow you to upload password-protected certificates for added security.

Enabling mTLS between Relay and your API means that you can block any requests that are not routed through Evervault, preventing you from accidentally collecting plaintext sensitive data as well as giving you the ability to reject clients that are not protected by Relay's network-level security capabilities.

You can access the feature by navigating to Relay → Configuration → Mutual TLS Certificates in the Evervault Dashboard.

Evervault automatically encrypts sensitive data at the field-level. Developers specify the routes and fields they want to encrypt, then requests are encrypted before ever entering your app. Straightforward, right?

Well, we've just shipped a feature that makes this process even more intuitive. Developers can now configure encrypted fields directly from existing Relay traffic.

When you choose a request from the last 24 hours, we'll build an interactive map of the JSON payload, allowing you to quickly select any fields you'd like to encrypt.

You can access the feature Relay → Encrypted Fields → Configure using Relay's Traffic.

The feature also supports JSONPath and Wildcards for URL Parameters!

Fancy name, what’s that?

Well…

When a request is sent through an Evervault Relay, some fields are encrypted — as defined by you in the Evervault Dashboard. This payload (which is a mixture of plaintext and ciphertext) is sent to the Relay’s pre-configured destination — your API — which you also define in the Dashboard.

The response from the target may, in some cases, contain encrypted data.

To ensure client-side applications (e.g. web browsers, phones, etc) do not render encrypted data to your users, Relay will decrypt any Evervault encrypted strings before they are shown in your UI.

Of course, some data is so sensitive that it must also be masked from clients. Common use cases of this include payment credentials, banking information, and application secrets.

To support this, Relay can now be configured in a new mode.

When a request is sent through Relay, any fields configured to be encrypted will now be encrypted on the response from Relay’s target — not the request to it.

This mode can be used to retrieve sensitive data from your own or third party APIs, masked as encrypted data and shown to your users!

Over the last number of weeks, we've been rolling out a new onboarding experience for first-time Evervault users. The feature is a contextual tutorial that allows users to send JSON data through a configurable Sandbox Relay and watch as it gets encrypted in realtime. Why? Better onboarding which decreases time-to-first-encryption will improve user proficiency and retention.

Sandbox Relays which are created during onboarding can be accessed via your Dashboard — just in case you ever need to reacquaint yourself with Relay or test a new encrypted payload structure.

To access the new onboarding experience, just create a new account with Evervault.