A proxy for encrypting sensitive data

Relay is a network proxy that can be configured to encrypt and decrypt sensitive data as it passes between your browser, server and third-party APIs.

BrowserEncryptServerServerDecrypt3P API

Avoid handling sensitive data in plaintext

Relay can be called using an Evervault server-side SDK, or a proxy URL. Once created, the proxy can be configured to encrypt or decrypt requests or responses.

Evervault's server-side SDKs can automatically detect and decrypt any Evervault-encrypted strings in requests to third-party APIs.

3await plaidClient
4  .transactionsGet({
5    access_token: 'ev:ZEQwEqLE_YzclnPF_FjorA',
6    start_date: 18 Jul 2023,
7    end_date: 17 Jul 2024,
8  });

Get started with the Relay Primitive

Create your first Relay and start encrypting data during a network request.

Step 1

Create a Relay

You can create a Relay in the Evervault dashboard, pointing at either your own server or a third-party URL. Proxied requests will be forwarded to the domain you specify, including any encrypted or decrypted fields that you’ve configured.

Create a Relay
Where should we forward proxied traffic?
Step 2


Relay can be configured to encrypt or decrypt fields in a request or a response. You can also choose to encrypt or decrypt different fields for different paths.

Configure Relay
Request Body
Request Headers
Encrypted Fields
No Policy
PCI Data
EU Data
PCI Data
Step 3


Once your Relay has been configured, you can integrate in a few lines of code. You can use the SDK for any requests sent to third-party APIs, or a proxy URL for requests to your own server.

3// Relay decrypts data sent to Stripe
4await stripe.customers
5  .create({
6    address: 'ev:dnamPvA2_O2JGN1534nyGg',
7    name: 'ev:NkZzNUbfUeo8JByldEAhrw',
8  });

Flexible, performant and highly secure

Relay isn’t just a network proxy. It’s flexible enough to encrypt or decrypt data in any data security workflow, without affecting the performance of your product.

Ultra-low Latency

Encryption and decryption operations introduce a minimal latency penalty.

You Store the Data

We store encryption keys, you store data as you normally would — but fully encrypted.

Enclave Backed

Encryption operations only happen inside isolated, hardened, and highly constrained secure enclaves.

Proxy to Anywhere

Encrypt or decrypt data that's sent between your browser, server or a third-party API.

Fundamentally Configurable

Configure Relay to encrypt or decrypt any field of data in a request or response, on any endpoint or path.

Fully Compliant

Evervault is fully compliant with standards like PCI DSS, HIPAA and GDPR.

Adapt Relay for any security workflow

Relay can be configured in several different ways, depending on whether your interacting with your own server or a third-party API.


Compatible with each Evervault Primitive

Primitives are building blocks for developers. They're fundamental, interoperable products for constructing any data security or compliance workflow.

Read the docs

Meet compliance requirements. Build customer trust.

Use Evervault’s flexible building blocks to keep your customers’ data secure and compliant at all times.