toc

Cages

Process encrypted data.

Cages are serverless functions hosted on Evervault for processing the data you encrypt with Relay or our SDKs. You can use Cages to isolate your Node.js code that processes sensitive data from the rest of your stack.

You can write and deploy any serverless function to a Cage. At present, Cages can only be written in Node.js. You can call and run a Cage with any language that can send HTTPS requests.

Deploy Docker Containers as Cages for machine learning, resource-intensive apps or services, and worker processes — coming soon.

Use Cases

You can deploy any Node.js code as a Cage to process data in whichever way you need.

  • Serverless functions. Cages are serverless functions, so you can deploy any code you would to other serverless function services — like AWS Lambda, Firebase Functions, Azure Functions, Cloudflare Workers etc. The core difference being that you never touch sensitive data in plaintext.
  • Machine learning. Deploy your machine learning model as a Cage, send it the data you encrypt with Relay, and get the result.
  • Document generation. Encrypt & store identity data (like addresses and social security numbers), generate a document in a Cage, and send to a third-party direct mail API like Lob.
  • API authorization. Encrypt your users' credentials for third-party services using Relay, and authorize with those services by running a headless browser in, or calling an API from, a Cage.

Deploy your Cage

You can deploy a Cage by connecting to a GitHub repository (see below) or using the Evervault CLI.

Create Cage with GitHubEvervault Dashboard

In the Evervault Dashboard:

  1. Click New Cage
  2. Select Choose Template
  3. Authenticate with GitHub if you haven’t already
  4. Install the Evervault app on GitHub
  5. Select a template Cage
  6. Create your Cage

Run your Cage

Automatically run your Cage code by passing the Cage name and the payload into the evervault.run() function. Or, send an HTTPS POST request with a JSON payload and API-Key header to https://run.evervault.com/cage-name.

Cages can currently only be called server-side because they require your team's API key for authentication.

  • Node.js
  • Python
  • Ruby
  • PHP
javascript
// `encryptedData` must be an Object
const result = await evervault.run('YOUR-CAGE-NAME', encryptedData);

Run your application to see the result. Return the result to the client via your server, or forward it to a third party API via an HTTP request. All outbound HTTP requests are logged, and are shown in your team's Dashboard.

The Node.js SDK is pre-initialized in all Cages as the globally-scoped evervault object. This allows you to encrypt the result, and store it in your database.

Update your Cage

If you do a push to your GitHub repo, Evervault will automatically update your Cage code. If you choose to deploy with the Evervault CLI, use the ev cage deploy command to update your Cage code.

Cages which take a long time to run can also be run asynchronously by providing an `x-async: true` header. Execution time is limited to 15 minutes.

We know that you will never want slower requests, so we are always reducing the cumulative network and runtime latency of Cages (and all other Evervault services).

Cage networking

When sending data to a third-party API via your Cage, Evervault ensures that the destination API is included in your API whitelist (if provided).