Relay Response Encryption

Fancy name, what’s that?


When a request is sent through an Evervault Relay, some fields are encrypted — as defined by you in the Evervault Dashboard. This payload (which is a mixture of plaintext and ciphertext) is sent to the Relay’s pre-configured destination — your API — which you also define in the Dashboard.

The response from the target may, in some cases, contain encrypted data.

To ensure client-side applications (e.g. web browsers, phones, etc) do not render encrypted data to your users, Relay will decrypt any Evervault encrypted strings before they are shown in your UI.

Of course, some data is so sensitive that it must also be masked from clients. Common use cases of this include payment credentials, banking information, and application secrets.

To support this, Relay can now be configured in a new mode.

When a request is sent through Relay, any fields configured to be encrypted will now be encrypted on the response from Relay’s target — not the request to it.

This mode can be used to retrieve sensitive data from your own or third party APIs, masked as encrypted data and shown to your users!