3

Hello to all

I did a lot of research on encrypting important data such as credit card numbers in Spring Boot, and three ways to securely encrypt data caught my attention:

  1. Protect secrets with Hashicorp Vault
  2. Column-level encryption
  3. Data Encryption with Java Cryptographic Extensions

All three methods have their advantages and disadvantages. The initial setup of the vault requires a lot of configuration, and I could not find a complete and integrated source for learning it. Column-level data encryption imposes a large processing load on the server, and requires the management of cryptographic keys. The third case requires the creation, management and maintenance of encryption keys for each client request. Is there a better choice for managing sensitive customer data such as email addresses or credit card numbers? Or is it recommended to use Vault to manage the secrets of website users?

Jack Pate

1 Answer

1

Can I encourage you to take a look at our product? I don't want this to be a shameless plug, but as a developer who has felt your pain, I think you would want to take a look at what we have. We have designed it to address some of your concerns. ubiqsecurity.com.

To address your specific considerations:

  1. MUCH easier than setting up Hashicorp Vault. We have demos of creating an account and sharing encrypted data in two different languages within 5 minutes. The demos should help you get started if necessary but I wouldn't expect you to need them. Our client libraries also have fully functional examples to help you get started.

  2. This seems to be the reason DBAs are hesitant to turn on encryption within the DB layer. We are leaving the encryption at the application layer. If your encrypted DB is up and running and someone is on the DB server with harvested credentials, is your DB really secure?

  3. We manage encryption keys for you. Client uses an API key (similar to other SaaS). Data is encrypted on the client.

Please feel free to reach out to us if you have any questions. Again, not trying to be a shameless plug, but we know the problems developers face when working with encryption and feel our solution addresses a number of the issues you are facing as well as others you haven't even mentioned.

Gary
  • Hi. First of all, thank you very much for your explanation. I think your product is practical and complete, and can be a good choice for solving common security problems, and recording events in log files is also useful. – Jack Pate Jan 26 '21 at 21:07
  • But there is a big problem for me! And it does not allow me to use some of the services provided by Google and its affiliates, such as Firebase, or many other commercial services like you! I am an Iranian, and because of my country's policies and international relations, I cannot exchange money with foreign banks. And 1,000,000 encryption requests a month, not responding to my business website! So, in fact, this time I have to regret it, and choose other solutions. It may sound ridiculous, but some of your daily routine, like buying API services, is a myth to us! Good luck – Jack Pate Jan 26 '21 at 21:07
  • Jack - Glad you appreciated the post and see value in the offering. Sounds like we both focus on tech, not politics. Best of luck. – Gary Jan 27 '21 at 06:51
  • Yes. The world of politics destroys progress and communication. Hopefully one day justice will be the same for all. Goodbye – Jack Pate Jan 27 '21 at 08:04