Get up and running with Evervault Encryption in less than 5 minutes.

In this example, we will use Inbound Relay to encrypt a sensitive piece of data. Before starting this tutorial, you'll need to sign up for an Evervault account and create an App.

Getting Started

Create an endpoint

To get started with Inbound Relay, you will need an API endpoint that is accessible publicly over the internet. In this example, we will use RequestBin — a free service for generating temporary API endpoints which allows you to log and inspect request and response payloads.

You can create a RequestBin by navigating to requestbin.com/r. After doing so, you will be presented with an API endpoint URL which you can send requests to.

You can send an HTTPS POST request to your RequestBin using the following cURL script:

curl https://[YOUR_REQUESTBIN_ID].x.pipedream.net \
--request POST \
--header 'Content-Type: application/json' \
--data '{"name":"Claude Shannon", "ssn":"123-12-1234"}'

If you navigate back to the RequestBin Dashboard, you should be able to see the payload by clicking the request in the log panel on the left.

Create an Inbound Relay

Now that you have a publicly accessible API endpoint, you can create an Inbound Relay. An Inbound Relay is an encryption proxy that sits between the client and the server.

To create an Inbound Relay, go to the Inbound Relay section within your App in the Evervault Dashboard. Click the “Create an Inbound Relay” button and paste in your RequestBin endpoint URL as the target.

You’ll then be given a new API endpoint which you can send requests to. Your domain name should look like https://[YOUR_REQUESTBIN_ID]-x-pipedream-net.relay.evervault.com. Any requests that are sent to this API endpoint will be intercepted by Evervault before being proxied to the original destination API endpoint.

Run the same cURL command with the new Evervault API endpoint you just generated. Look in RequestBin and, you will see that the request has gone through, but the data is still visible because you haven't encrypted it yet. In the next section, we’ll configure the proxy to encrypt certain fields in the request.

curl https://[YOUR_REQUESTBIN_ID]-x-pipedream-net.relay.evervault.com \
--request POST \
--header 'Content-Type: application/json' \
--data '{"name":"Claude Shannon", "ssn":"123-12-1234"}'

Specify Fields to Encrypt

Now that you are proxying traffic through Inbound Relay, you can configure it to start encrypting sensitive fields.

Since you are sending a Social Security Number in the request which, is considered sensitive Personally Identifiable Information (PII), you need to encrypt this field. Navigate to the Encrypted Fields section within your Inbound Relay’s configuration page in the Evervault Dashboard. You will be presented with a list of request structures that were routed through your Relay in the preceding 24 hours.

You should see an entry for POST / with an option to configure the fields encrypted. Click the Configure button and toggle the ssn field. Once you save your changes, your Inbound Relay will now start encrypting the ssn key within all JSON and XML requests.

Run the same cURL command from the previous step. You will see that the request logged in the RequestBin will contain the name in plaintext, and the ssn field will be an Evervault-encrypted string.

curl https://[YOUR_REQUESTBIN_ID]-x-pipedream-net.relay.evervault.com \
--request POST \
--header 'Content-Type: application/json' \
--data '{"name":"Claude Shannon", "ssn":"123-12-1234"}'

You have successfully encrypted your first string with Inbound Relay!

What’s next?

Any string you encrypt using Inbound Relay can be used across the rest of the Evervault Platform. To process encrypted data using your code, you can use either Evervault Functions or Evervault Cages.