I’m curious, at what point in your app do you encrypt data? Do you ever encrypt it explicitly? Or do you rely on things like at-rest encryption within your database, and TLS over the network?
Do you do your own key management or rely on a key management service like Vault or from a cloud provider? How do you control access to the keys?
Which encryption libraries do you use? Which protocols (AES, RSA, etc)?
Do you use keys for anything else like JWTs or data signing and verification, SSH etc?
Top comments (0)