Providing Control Over Cache Encryption
BuildBuddy introduces control over cache encryption for its customers by allowing them to provide their own encryption keys. The platform supports keys managed by Google Cloud Platform KMS and Amazon Web Services KMS. Encryption is modeled on Snowflake's Tri-Secret Secure design, offering a composite master key combining customer-supplied and BuildBuddy-maintained keys for enhanced security. This dual-key encryption model, along with built-in user authentication, provides three levels of data protection. Technical details include the use of HKDF-Expand key derivation function and XChaCha20-Poly1305 algorithm for cryptographic operations. The encryption design and source code have been audited by a third party.
Company
BuildBuddy
Date published
June 5, 2023
Author(s)
Vadim Berezniker
Word count
330
Language
English
Hacker News points
None found.