/plushcap/analysis/buildbuddy/buildbuddy-customer-managed-encryption-keys

Providing Control Over Cache Encryption

What's this blog post about?

BuildBuddy introduces control over cache encryption for its customers by allowing them to provide their own encryption keys. The platform supports keys managed by Google Cloud Platform KMS and Amazon Web Services KMS. Encryption is modeled on Snowflake's Tri-Secret Secure design, offering a composite master key combining customer-supplied and BuildBuddy-maintained keys for enhanced security. This dual-key encryption model, along with built-in user authentication, provides three levels of data protection. Technical details include the use of HKDF-Expand key derivation function and XChaCha20-Poly1305 algorithm for cryptographic operations. The encryption design and source code have been audited by a third party.

Company
BuildBuddy

Date published
June 5, 2023

Author(s)
Vadim Berezniker

Word count
330

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.