Advanced Security & Encryption

Your security is our top priority. In order to protect your sensitive data—such as your SUI private key—our system employs robust encryption methods before saving any configuration. Rest assured: your private key is never stored in plaintext. Instead, it is encrypted using industry‑standard methods, ensuring that even if our storage were ever compromised, your key remains confidential.


How We Protect Your Private Key

When you save your configuration via the save-config API endpoint, your SUI private key is immediately encrypted before being stored. This means the raw (plaintext) key is never written to disk or logged. Our process uses the trusted AES-256-CBC encryption standard.

The Encryption Process

  1. Encryption Key Setup
    • Randomized generation: if no ENCRYPTION_KEY is provided, our system generates a random key using secure random bytes.

  2. Random Initialization Vector (IV)
    • Every time a private key is encrypted, a new 16‑byte random initialization vector (IV) is generated.
    • This unique IV ensures that encrypting the same data twice produces different ciphertexts, which prevents attackers from recognizing patterns in the encrypted data.

  3. AES-256-CBC Encryption
    • We use the AES-256-CBC algorithm, a widely adopted, strong encryption standard.
    • The algorithm takes three inputs:
      • The plaintext private key.
      • The secret encryption key (from ENCRYPTION_KEY or generated randomly).
      • The random IV.
    • The output is a ciphertext. We then combine the IV and the ciphertext (separated by a colon :) so that the IV is available during decryption.
    • The private key is only stored once fully encrypted using the IV-based AES-256-CBC algorithm.
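
The steps above, written out as an added Node.js example (it is not this project's own code). The function names, the hex encoding of the IV and ciphertext, and the 64-hex-character form of ENCRYPTION_KEY are assumptions; the decrypt side checks the stored `iv:ciphertext` record before using it.

```javascript
const crypto = require('crypto');

const IV_BYTES = 16;   // 16-byte IV, as stated on the page
const KEY_BYTES = 32;  // AES-256 key size

// Assumption: ENCRYPTION_KEY is 64 hex characters. If it is unset, fall back to
// a random key as the page describes (that key exists only in this process).
function loadKey(env = process.env) {
  if (!env.ENCRYPTION_KEY) return crypto.randomBytes(KEY_BYTES);
  const key = Buffer.from(env.ENCRYPTION_KEY, 'hex');
  if (key.length !== KEY_BYTES) throw new Error('ENCRYPTION_KEY must decode to 32 bytes');
  return key;
}

function encryptPrivateKey(plaintext, key) {
  const iv = crypto.randomBytes(IV_BYTES); // fresh IV for every encryption
  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return `${iv.toString('hex')}:${ct.toString('hex')}`; // hex encoding is an assumption
}

function decryptPrivateKey(stored, key) {
  const parts = stored.split(':');
  if (parts.length !== 2) throw new Error('expected iv:ciphertext');
  const [ivHex, ctHex] = parts;
  // Reject malformed records before they reach the cipher.
  if (!/^[0-9a-f]{32}$/.test(ivHex)) throw new Error('IV must be 16 bytes of hex');
  if (!/^([0-9a-f]{32})+$/.test(ctHex)) throw new Error('ciphertext must be whole AES blocks');
  const decipher = crypto.createDecipheriv('aes-256-cbc', key, Buffer.from(ivHex, 'hex'));
  return Buffer.concat([decipher.update(Buffer.from(ctHex, 'hex')), decipher.final()]).toString('utf8');
}

// Constructed sample value, not a real key.
const SAMPLE = 'constructed-sample-private-key-not-real';

function demo() {
  const key = loadKey({});                  // no ENCRYPTION_KEY set: random key
  const a = encryptPrivateKey(SAMPLE, key);
  const b = encryptPrivateKey(SAMPLE, key);
  return {
    differs: a !== b,                       // same plaintext, different IV and ciphertext
    roundTrip: decryptPrivateKey(a, key) === SAMPLE,
    ivHexLength: a.split(':')[0].length,    // 32 hex characters = 16 bytes
  };
}

console.log(demo());
```

AES-CBC on its own gives confidentiality but does not detect modification of the stored value, so tamper detection needs a MAC over the IV and ciphertext or an authenticated mode. A key generated at startup because ENCRYPTION_KEY was unset also has to be kept somewhere, or records encrypted with it cannot be decrypted after a restart.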